ansaurus

Question

How to create persistent cookies in asp.net?

Answer 1

A:

You need to add this as the last line...

HttpContext.Current.Response.Cookies.Add(userid);

When you need to read the value of the cookie, you'd use a method similar to this:

    string cookieUserID= String.Empty;

    try
    {
        if (HttpContext.Current.Request.Cookies["userid"] != null)
        {
            cookieUserID = HttpContext.Current.Request.Cookies["userid"];
        }
    }
    catch (Exception ex)
    {
       //handle error
    }

    return cookieUserID;

Robert Williams 2010-06-29 11:57:44

sorry, I've added that line also..

Vikas 2010-06-29 12:00:05

I visit the page again, Request.Cookies["userid"] is null! why?

Vikas 2010-06-29 12:10:01

Is your browser set to allow cookies?

Robert Williams 2010-06-29 12:21:30

Answer 2

+1 A:

Here's how you can do that.

Writing the persistent cookie.

//create a cookie
HttpCookie myCookie = new HttpCookie("myCookie");

//Add key-values in the cookie
myCookie.Values.Add("userid", objUser.id.ToString());

//set cookie expiry date-time. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);

//Most important, write the cookie to client.
Response.Cookies.Add(myCookie);

Reading the persistent cookie.

//Assuming user comes back after several hours. several < 12.
//Read the cookie from Request.
HttpCookie myCookie = Request.Cookies["myCookie"];
if (myCookie == null)
{
    //No cookie found or cookie expired.
    //Handle the situation here, Redirect the user or simply return;
}

//ok - cookie is found.
//Gracefully check if the cookie has the key-value as expected.
if (!string.IsNullOrEmpty(myCookie.Values["userid"]))
{
    string userId = myCookie.Values["userid"].ToString();
    //Yes userId is found. Mission accomplished.
}

this. __curious_geek 2010-06-29 12:09:45

Answer 3

A:

FWIW be very careful with storing something like a userid in a cookie unencrypted. Doing this makes your site very prone to cookie poisoning where users can easily impersonate another user. If you are considering something like this I would highly recommend using the forms authentication cookie directly.

bool persist = true;

var cookie = FormsAuthentication.GetAuthCookie(loginUser.ContactId, persist);

cookie.Expires = DateTime.Now.AddMonths(3);

var ticket = FormsAuthentication.Decrypt(cookie.Value);

var userData = "store any string values you want inside the ticket
                 extra than user id that will be encrypted"

var newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name,
     ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userData);

cookie.Value = FormsAuthentication.Encrypt(newTicket);

Response.Cookies.Add(cookie);

Then you can read this at any time from an ASP.NET page by doing

string userId = null;
if(this.Context.User.Identity.IsAuthenticated)
    userid = this.Context.User.Identity.Name;

Chris Marisic 2010-06-29 12:23:05

Did he say FormsAuthentication cookie ? And why use `var` when you know the type.

this. __curious_geek 2010-06-29 12:25:00

Thanks for security concern but I'm using encryption for the cookies!

Vikas 2010-06-29 12:29:41

Because redundant specification of variables is redundant. And since the question specifically shows userid as the value to store in the cookie the FormsAuth cookie is the most correct solution for this IMO.

Chris Marisic 2010-06-29 13:06:18

ansaurus

tags:

views:

answers:

How to create persistent cookies in asp.net?

related questions