Cookies are sent to the browser via the HttpResponse object that exposes a collection called Cookies. You can access the HttpResponse object as the Response property of your Page class.

You can also set a cookie’s date and time expiration. Expired cookies are deleted by the browser when a user visits the site that wrote the cookies. you can set the expiration date to be 50 years from now.

If you do not set the cookie’s expiration, the cookie is created but it is not stored on the user’s hard disk. When the user closes the browser, the cookie is discarded. Those are called non- Persistant cookies.
eg: non-persistent cookies are useful if the user is working on a public computer, where you do not want to write the cookie to disk due to security reason.

You can add cookies to the Cookies collection in a number of ways.

Response.Cookies["userName"].Value = "patrick";
Response.Cookies["userName"].Expires = DateTime.Now.AddDays(1);

HttpCookie aCookie = new HttpCookie("lastVisit");
aCookie.Value = DateTime.Now.ToString();
aCookie.Expires = DateTime.Now.AddDays(1);

Cookies with More Than One Value
You can store multiple name-value pairs in a single cookie.
eg: instead of creating two separate cookies named userName and lastVisit, you can create a single cookie named userInfo that has the subkeys userName and lastVisit.
1) cookie attribute such as expiration can be applied to single cookie file instead of each cookie individually.
2) as we know we can’t store more then 20 cookies per site, so by using single cookie like above we save on number of cookies per site.

Response.Cookies["userInfo"]["userName"] = "patrick";
Response.Cookies["userInfo"]["lastVisit"] = DateTime.Now.ToString();
Response.Cookies["userInfo"].Expires = DateTime.Now.AddDays(1);

HttpCookie aCookie = new HttpCookie("userInfo");
aCookie.Values["userName"] = "patrick";
aCookie.Values["lastVisit"] = DateTime.Now.ToString();
aCookie.Expires = DateTime.Now.AddDays(1);

Controlling Cookie Scope
By default, all cookies for a site are stored together on the client, and all cookies are sent to the server with any request to that site. In other words, every page in a site gets all of the cookies for that site. However, you can set the scope of cookies in two ways:
Limiting Cookies to a Folder or Application
To limit cookies to a folder on the server, set the cookie’s Path property, as in the following example:

HttpCookie appCookie = new HttpCookie("AppCookie");
appCookie.Value = "written " + DateTime.Now.ToString();
appCookie.Expires = DateTime.Now.AddDays(1);
appCookie.Path = "/Application1";

The path can either be a physical path under the site root or a virtual root. The effect will be that the cookie is available only to pages in the Application1 folder. So cookie will be available to path or any page beneath that folder.

Limiting Cookie Domain Scope
By default, cookies are associated with a specific domain. For example, if your site is, the cookies you write are sent to the server when users request any page from that site. If your site has subdomains—for example,,, and—then you can associate cookies with a specific subdomain.

Response.Cookies["domain"].Value = DateTime.Now.ToString();
Response.Cookies["domain"].Expires = DateTime.Now.AddDays(1);
Response.Cookies["domain"].Domain = "";

Reading Cookies
When a browser makes a request to the server, it sends the cookies for that server along with the request. In your ASP.NET applications, you can read the cookies using the HttpRequest object, which is available as the Request property of your Page class. structure of the HttpRequest is same as HttpResponse object, so you can read them much the same way as you wrote them.

if(Request.Cookies["userName"] != null)
Label1.Text = Server.HtmlEncode(Request.Cookies["userName"].Value);

if(Request.Cookies["userName"] != null)
HttpCookie aCookie = Request.Cookies["userName"];
Label1.Text = Server.HtmlEncode(aCookie.Value);

HtmlEncode method was called to encode the contents of a cookie to make sure executable script are not added into the cookie.
Similarly reading a subkey: Server.HtmlEncode(Request.Cookies[“userInfo”][“userName”]);
The subkeys in a cookie are typed as a collection of type NameValueCollection. Therefore, another way to get an individual subkey is to get the subkeys collection and then extract the subkey value by name, as shown in the following example:

UserInfoCookieCollection = Request.Cookies["userInfo"].Values;
Label1.Text =
Label2.Text =

Leave a comment

Filed under C#

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s