New Understanding of ASP. NET cookies

I have been using Form Verification for user login. Sometimes, to save time, you need to remember the user name in the user name input box, saving you the need to re-enter the user name next time. In this case, only form verification is not acceptable, because form verification will invalidate the user upon exiting the system. Therefore, cookie is required. I thought it would be easy to do this, but it took a lot of time and failed. Although the user name and password are correct, the system always rejects logon and returns to the logon page. The username input box on the logon page remembers the username, but the username is garbled. Really depressing! Once thought that the system had gone wrong, and restarting the machine would not help. After repeated checks and tests, it is found that if cookies are written before form verification, logon is denied. This may be because Asp.net found a cookie value that is the same as the from identifier for security considerations, but it does not explicitly prompt this. To solve this problem, you must first verify the login and then write the user name into cookies. System. web. security. formsauthentication. setauthcookie (username. text, false); // log on... // write the user name to cookiesresponse. cookies ["rememberme"]. value = httputility. urlencode (username. text, system. text. encoding. getencoding ("gb2312"); response. cookies ["rememberme"]. expires = datetime. now. addmonths (1); the username in the input box is garbled because it stores the Chinese username. If you write Chinese characters into cookies, garbled characters are generated without any processing. The solution is as shown in the red code above. url encoding is used during writing, and the encoding format must be in Chinese format. Decodes the cookie value: username. TEXT = httputility. urldecode (request. cookies ["rememberme"]. value, system. text. encoding. getencoding ("gb2312"); another problem is to delete cookies, which were previously thought to be response. cookies. remove ("rememberme") can be deleted, but it does not work. You can call the Remove Method of the cookie set to remove the cookie from the set on the server side so that the cookie will not be sent to the client. However, if the client already has a cookie, this method cannot be removed from the client. The solution is to set the cookie expiration date to the previous date and let the user's browser Delete the cookie: If (response. Cookies ["rememberme"]! = NULL) response. cookies ["rememberme"]. expires = datetime. now. adddays (-1); // Delete the code that ends with the key part: system. web. security. formsauthentication. setauthcookie (username. text, false); // you must first verify if (rememberme. checked) // write the cookie {If (request. cookies ["rememberme"] = NULL) {response. cookies ["rememberme"]. value = httputility. urlencode (username. text, system. text. encoding. getencoding ("gb2312"); response. cookies ["re Memberme "]. expires = datetime. Now. addmonths (1) ;}} else {If (response. Cookies [" rememberme "]! = NULL) response. Cookies ["rememberme"]. expires = datetime. Now. adddays (-1); // Delete} when reading cookies: If (! Ispostback) {If (request. Cookies ["rememberme"]! = NULL) {username. TEXT = httputility. urldecode (request. cookies ["rememberme"]. value, system. text. encoding. getencoding ("gb2312"); rememberme. checked = true ;}}