views:

53

answers:

2

I'm surprised i couldnt find any answers.

How do i set my sessionid in my cookie to expire at the end of session? (when the browser closes or the user has been inactive for a period of tie).

The two solutions i found were

(httpcookie).Expires = HttpContext.Current.Session.Timeout

Which gave me a compile error so i dont know if the user checked his code before posting. And the other was to set the expire date to 1 day ago which my gut says is wrong. How do i do this?

+1  A: 

TimeOut returns an int, Expires expects DateTime, which is why that code will not compile. Setting the expiration date to date in the past immediately revokes the cookie, so that's probably not what you want. If you left the expiration date unused, the cookie would expire as soon as the user closed the browser.

If you want the cookie tied to the particular Session, why involve the cookie in the first place? You could certainly keep extending the cookie's expiration date each time the user extended the session by using your application, but that seems like unnecessary work. Just use Session.

Feel free to elaborate on the problem.

Anthony Pegram
How do i 'Just use Session'?
acidzombie24
That meant skip persisting things to a cookie and just use the session. If you actually need to know how to *use* the session, there are questions for that. A short example is `Session["someKey"] = someString; string retrievedValue = (string)Session["someKey"];`
Anthony Pegram
+1. I want to mention that `HttpContext.Current.Session` was null so i just went with cookies instead and extend the expiration date each time the user visits as you mentioned.
acidzombie24
+6  A: 

You're talking about a non-persistent cookie. By default asp.net sends cookies in that way. The main difference between them are that a persistent cookie has an expires value set.

So, if you don't want the cookie to persist, then do not set the expires value.

That said, the cookie will remain in memory until the browser is actually closed. Let's say they browse to your site and you set a non-persistent cookie. They do things and browse away. Later they, using the same browser instance, come back to your site. The cookie will still be there.

Now, if they closed the browser at any point, then the cookie would be flushed out.

Point is, don't set the expires header. Especially not to when the session date expires. Session dates are generally only 20 or so minutes in the future, but the expiration date rolls forward as the user browses through your site.

===== update =====

I used the following code for testing:

    protected void Page_Load(object sender, EventArgs e) {
        if (!Page.IsPostBack) {
            HttpCookie c = Request.Cookies["test"];
            if (c != null) {
                Response.Write(String.Format("test value is {0} <br />", c.Value));
            }
        } else {
            HttpCookie c = new HttpCookie("test");
            c.Value = "HERE IT IS";
            Response.Cookies.Add(c);
        }
    }

    protected void Button1_Click(object sender, EventArgs e) {
        Response.Write("clicked<br />");
    }

the .aspx file simple had a button which fired that button1_click handler. When I initially browse to it using any of the latest browsers (ie, firefox, chrome) there is no cookie. After I click the button a cookie is set. Then I closed the browser completely, reopened and browsed back to the site. In all cases the cookie was gone.

Chris Lively
cool, so the solution is dont touch anything, just set the cookie value and leave it at that. I thought there was more to it.
acidzombie24
Nope. It is pretty simple.
Chris Lively
Before i mark this as accepted i want to know. I closed my firefox (3.6.10) browser and reopened it. I was still logged in. Why? It looks like updating/setting the expiry to 30mins ahead seems like a good solution.
acidzombie24
You might first want to delete ALL of your cookies related to your test site. Then try it. Also, make sure you close all instances of firefox that may be open. The cookie might have still been there from when you were testing the expiration date.
Chris Lively
I just tested it with Firefox 3.6.10 and it cleared out as expected.
Chris Lively
Weird. I know i did it right so i tested it again. It turns out first time around i had multiple tabs open and used the save and quit feature. I didnt know that prevents cookies from expiring. Well done. -edit- I tested on opera and it expires the cookies even when i close with multiple tabs. I'm happy with these results.
acidzombie24