How To Handle Cookies
Apr 20, 2010How to handle cookies in asp.net?
View 5 RepliesHow to handle cookies in asp.net?
View 5 RepliesAccording to the RFC, individual cookies in the "Cookie" HTTP header may be separated by commas as well as by semicolons. However, ASP.NET does not parse the commas case correctly - it does not count comma as a separator, but considers it just part of the value.
For exampleIf a client sends header Cookie: a=b, c=d, then the ASP.NET application will see just one cookie named "a" with value "b, c=d".As a special case, the same thing happens when the client sends several Cookie headers (one for each cookie) instead of combining all cookies in one header. From HTTP perspective, this is completely valid, and in such case the effective value of the header should be concatenation of the values of all its instances separated by commas.Does anybody know a workaround (or maybe a fix?) for this? I absolutely need to get this working, because I don't control the client.P.S. It is ironic that, according to this thread, the .NET built-in HTTP client's (aka HttpWebRequest) behavior is just the opposite, and also causes problems. :-)
Ive written a custom membership provider for my ASP.Net website.
Im using the default Forms.Authentication redirect where you simply pass true to the method to tell it to "Remember me" for the current user.
I presume that this function simply writes a cookie to the local machine containing some login credential of the user.
What does ASP.Net put in this cookie? Is it possible if the format of my usernames was known (e.g. sequential numbering) someone could easily copy this cookie and by putting it on their own machine be able to access the site as another user?
Additionally I need to be able to inercept the authentication of the user who has the cookie. Since the last time they logged in their account may have been cancelled, they may need to change their password etc so I need the option to intercept the authentication and if everything is still ok allow them to continue or to redirect them to the proper login page.
I'm handling cookies using JavaScript to store some values in my asp.net web application.I use document.cookie to save some values (converted into a lengthy string). But i want that value to be accessible across all the pages in my application.When i try to get that value from a different page, i get the values pertaining to the document in the current URL.
In short i save the value in the cookie in http://myapp/doc1.aspx and want to retrieve it in http://myapp/doc2.aspx
So is document.cookie is pertaining to a single document scope? How can i save/read cookies across the site?
Update.This is how i get and set cookies
function getCookie(c_name)
{
try{ [code]...
But i'm getting different values for the cookies in different pages.
I have been experimenting with code that will clear all of the cookies in an HttpContext.Response.Initially, I used this:
DateTime cookieExpires = DateTime.Now.AddDays(-1);
for (int i = 0; i < HttpContext.Request.Cookies.Count; i++)
{
HttpContext.Response.Cookies.Add(
new HttpCookie(HttpContext.Request.Cookies[i].Name, null) { Expires = cookieExpires });
}
this will error with an OutOfMemoryException because the for loop never exits - each time you add a cookie to the Response, it also gets added to the `Request.
I know that if I have set a cookie on a previous request, it will show up in my Request.Cookies collection. I want to update my existing Cookie. Are the cookies from my Request.Cookies collection already copied to my Response.Cookies collection? Do I need to add a new cookie with the same key using Response.Cookies.Add(), or do I need to use Response.Cookies.Set()?
View 1 RepliesOn my content page I have the code (in page_load):
if (Master.pageAction == "remove")
{
int removeProductID = int.Parse(Request.QueryString["ID"]);
int removeOptionID = int.Parse(Request.QueryString["optID"]);
Master.myBasket.removeFromBasket(removeProductID, removeOptionID);
//Response.Redirect("viewBasket.aspx");
}
The function remove from basket is defined as:
// Removes item from a basket
public void removeFromBasket(int itemsID, int optionsID)
{
Page myPage = (Page)HttpContext.Current.Handler;
this.setCookieString("");
myPage.Response.Write("done");
}
And it calls:
// Sets cookie date
public void setCookieString(string cookiesData)
{
Page myPage = (Page)HttpContext.Current.Handler;
HttpCookie basketCookie = new HttpCookie("basket");
basketCookie["items"] = cookiesData;
basketCookie.Expires = DateTime.Now.AddDays(7d);
myPage.Response.Cookies.Add(basketCookie);
}
I use the setcookiestring function on other pages and it works fine, but this function (removing from the basket) isn't setting the cookie! It is writing "done" to the top of the page, so the functions are executing.
No warnings, no errors, it's just not updating the cookie.
I want to use session object in my web app.I want to store some cookies too(Some custom informations) .How can i use both without the URL not being modified like [URL]
In my ASP.NET page,I am setting some session variable
Session["customerId"]="Some name";
Then i am trying to set some value in cookie
[code]....
In this page now i can access the sesion variable values,But when i m being Redirected to another asp.net page, I am not getting my session values there.Its seems like Its being lossed.
I would like to encrypt cookies in ASP.NET.
I have followed the method in this article, but it has the drawback that is uses reflection on an internal method. This has caused it to be flagged in a code review -- it is not future-proof as the internal implementation may change.
Is there a method with identical functionality which doesn't require using encryption on internal methods?
I am using .NET Framework 3.5 SP1 (Assume I cannot change framework versions)
I configure IE8 to block cookies.
View 1 RepliesI am using asp.net with c#.My issue is this that I am setting cookies to check that the same user is returning or not but user are returing from the same machine with different browser. Is their any alternate I would know that same machine user had visited my site.
View 2 RepliesMy application at mysubdomain.mydomain.com needs to set a cookie that contains some user session information.
They log in at a https page. We authenticate them and set some session info in a cookie.
We do this in a helper library that takes in the controller context
contextBase.Response.Cookies[CookiePayload.CookieName].Value = encryptedTicket;
contextBase.Response.Cookies[CookiePayload.CookieName].Expires = cookieExpires;
contextBase.Response.Cookies[CookiePayload.CookieName].Domain= ConfigHelper.CookieDomain;
contextBase.Response.Cookies[CookiePayload.CookieName].HttpOnly=true;
We do a quick redirect in the controller (to a non https page):
this.ControllerContext.HttpContext.Response.Redirect(redirectTo, false);
return null;
The cookie appears in the response (according to firebug's net tab).
But neither fireforx nor ie send the cookie on subsequent gets.
We are setting the cookie domain to mydomain.com even though the site is mysubdomain.mydomain.com. Skipping the redirect command has no effect, nor does changing the cookie value.
I'm trying to do some simple stuff, I've already looked at the examples through the web and I'm not sure of what I'm doing wrong It's a unit test that i'm doing to test some functionality that later will be performed by some different devices Basically I'm creating a webrequest to my site, which returns a set of cookies, which we later on need. Then I want to create a new webrequest, using the returned cookies from the first response, but when i'm reading that info, the cookies are empty
var request = (HttpWebRequest)WebRequest.Create("http://localhost/bla");
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "GET";
request.CookieContainer = new CookieContainer();
request.CookieContainer.Add(originalResponse.Cookies); // originalResponse.Cookies has several cookies needed by "bla"
var response = request.GetResponse();
In another place... (inside "bla")
HttpContext.Current.Request.Cookies // this is empty
I know how to get a cookie on the code behind a page, but am trying to do the same thing in a class (instead of the code behind) without any luck.
Basically here is the situation:
There is a cookie already set (let's call it cookieX) and I need to retrieve the cookie within a class.
Once I get the value here is the logic I need If cookieX.value <> 1 OR cookieX.value IS NULL Then Redirect the User to PageX End If
So the overall question is how do I create a class within VB to read a cookies value, and then what goes in the class and what goes on the code behind the page? Essentially the plan is to check for the cookie on multiple pages, hence I am trying to separate the code into classes as much as possible.
I have an application where I use the standard login controls from VS 2005. I have a problem, how do I get the user info if the user has marked the checkbox "remember me"? In my application I load the username, when the user is logging in, that is the textbox named Login1.LayoutTemplate.UserName How do I get the data when the user automatically is logged in and doesn't enter the user name?
View 8 RepliesI have a cookie that exists in both request.cookies, and response.cookies; I want to change the one in response.cookies and leave the one in request.cookies to its original value; is there a way to do that? or at least, do you have something to read about
View 10 RepliesI have to use a cookie in all my asp.net pages.I am not using any master page.HttpCookie obj;obj=Request.cookie("sdf");so, i have to use this in every asp.net page
View 6 RepliesHow to make session to not to use cookies
View 4 Repliesi am creating cookies with following lines:
HttpCookie userid = new HttpCookie("userid", objUser.id.ToString());
userid.Expires.AddYears(1);
Response.Cookies.Add(userid);
Now How to make it persistent?
Because if I visit the same page again after closing the browser, I'm unable to get it back.
Am trying to design login page for my website and I am looking for methods other than forms authentication. The way in which I am trying is to have a table in the database that stores user information and check for the user validity.
The point where I get struck is how do i set cookies and session variables and how will I carry it through out the system. Can anyone tell/suggest me where I can relevant material so as to move forward. And also is my idea of negating traditional forms authentication and going for a model I described, is it good also does any other better method exist?
How can we make session, not use cookies ?
View 1 RepliesSince session and cookies are both used to store temporary data, what is the difference between them?
View 9 RepliesI have a situation where I write a cookie on one page and read it on another page, but it only works for users who are in the admin group onour web server.On my default page, I have this code in the page load event to get some user data from my database and save it for later use:
HttpCookie c = new HttpCookie("userinfo");
c.Values["domainaccount"] = _CtaUser.DomainAccount;
c.Values["userid"] = _CtaUser.UserID.ToString(); [code]....
And it's gone.Again, it works for me and one other programmer who are in the admin group on the web server, but not for anyone else.
The code below tries to clear the cookies for all domains once a user logs out of the system. For some reason, only the last domain in the array is cleared. Why does this happen? Am I doing something wrong?
For example, if I change the size of the array to 4 and then change the for loop to only go to 3, then it only logs me out of y.xcv.com.
As a sidenote, I have this loop working on a different server that uses a slightly different function to clear the cookies.
Edit: Code updated per suggestions below. Now it fails on the "as HttpCookie" line. Do I need to include some library?
Dim aDomain(12)
Dim ESidCookie, WIdCookie, EBidCookie, TSidAccessCookie, PSidAccessCookie, SSidCookie As HttpCookie
aDomain(0) = ".x.com"
aDomain(1) = "y.x.com"
aDomain(2) = "y.x.com" [code]....
If my application places HttpOnly cookies on a client and then needs to remove them how can you remove them completely?
View 2 Replies