Client-Based Technique #3: Cookies
Mmmmmm cookies and milk...no, not that kind of cookies. Using cookies is another client-based technique to help the server "remember" things about a returning Web page. Cookies are small pieces of information stored on the client computer. They are limited to storing only character data and they are limited to 4K in size. Session cookies and persistent cookies are the two types of cookies.
Session cookies are stored in memory during the client browser session. When the browser shuts down, the session cookies are lost. You can create session cookies by calling the Add method of the Cookies collection on the Response object. The Cookies collection contains individual cookie objects of type HttpCookie. The following code creates a UserName cookie containing the name Jim.
Dim objCookie As New HttpCookie("UserName", "Jim")
Response.Cookies.Add(objCookie)
You read the cookie created above like this.
Persistent cookies work the same way as session cookies. The difference between the two is that persistent cookies have an expiration date. The expiration date indicates to the browser that it should write the cookie to the client's hard drive. You can create persistent cookies to last for a couple of days or a couple of years. Keep in mind that because a user can delete cookies from their machine, there is no guarantee that a cookie you "drop" on a user machine will be there the next time they visit your site.
Persistent cookies are typically used to store information that identifies a returning user to a Web site. Typical information found in cookies includes user names and user IDs.
You create persistent cookies the same way as session cookies: by calling the Add method of the Cookies collection on the Response object. Again, the only difference is that the persistent cookie has a set expiration date.
Dim objCookie As New HttpCookie("MyCookie",
objCookie.Expires = #12/31/2004#
You read a persistent cookie the same way you read a session cookie.
A cookie dictionary is a single cookie that stores multiple pieces of information. You use the Values property to access and assign new values to the cookie dictionary.
You create a cookie dictionary with code like this.
Dim objCookieDictionary As New _
objCookieDictionary.Values("UserName") = _
objCookieDictionary.Values("LastVisit") = _
objCookieDictionary.Values("Country") = _
objCookieDictionary.Expires = _
You retrieve a value from a cookie dictionary with code like this.
Dim MyCookie As HttpCookie = _
If Not MyCookie Is Nothing Then
Dim Username As String = _
Dim Country As String = _
Dim LastVisit As String = _
Advantages of Using Cookies
Cookies are great for storing small pieces of frequently changing information on a user's machine, because:
- Cookies are easy to implement.
- Cookies do not require any server resources since they are stored on the client.
- You can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client computer (persistent cookies).
Disadvantages of Using Cookies
You should keep in mind, though, that:
- A user can delete a cookie.
- A user can refuse a cookie.
- Cookies exist as plain text on the client machine and they may pose a possible security risk since someone (or code) with control of a user's computer can open and tamper with cookies.
Paying Attention to Cookie Security
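One way to handle the tampering risk noted in the list above while keeping the cookie short-lived, as an added example that is not code from the original article. It assumes ASP.NET 4.5 or later (for MachineKey.Protect); the module name, purpose string and helper names are hypothetical.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text
Imports System.Web
Imports System.Web.Security

' Added example: hypothetical helper module, not code from the article.
Public Module ProtectedCookie
    ' Assumed purpose string; it binds the protected bytes to this one use.
    Private Const Purpose As String = "ExampleApp.ProtectedCookie"

    ' Encrypts and signs the value with the application's machine key and
    ' embeds the expiry, because the browser-side Expires can be edited.
    Public Sub WriteProtected(response As HttpResponse, name As String,
                              value As String, lifetime As TimeSpan)
        Dim expiresUtc As DateTime = DateTime.UtcNow.Add(lifetime)
        Dim payload As String = expiresUtc.Ticks.ToString() & "|" & value
        Dim sealedBytes As Byte() =
            MachineKey.Protect(Encoding.UTF8.GetBytes(payload), Purpose)
        Dim cookie As New HttpCookie(name, HttpServerUtility.UrlTokenEncode(sealedBytes))
        cookie.Expires = expiresUtc.ToLocalTime()
        cookie.HttpOnly = True   ' hidden from client-side script
        cookie.Secure = True     ' sent over HTTPS only
        response.Cookies.Add(cookie)
    End Sub

    ' Returns the stored value, or Nothing when the cookie is missing,
    ' altered, malformed or past its embedded expiry.
    Public Function ReadProtected(request As HttpRequest, name As String) As String
        Dim cookie As HttpCookie = request.Cookies(name)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then Return Nothing
        Try
            Dim sealedBytes As Byte() =
                HttpServerUtility.UrlTokenDecode(cookie.Value)
            If sealedBytes Is Nothing Then Return Nothing
            Dim payload As String = Encoding.UTF8.GetString(
                MachineKey.Unprotect(sealedBytes, Purpose))
            Dim parts As String() = payload.Split(New Char() {"|"c}, 2)
            Dim ticks As Long
            If parts.Length <> 2 OrElse Not Long.TryParse(parts(0), ticks) Then Return Nothing
            If DateTime.UtcNow.Ticks > ticks Then Return Nothing
            Return parts(1)
        Catch ex As CryptographicException   ' tampered with, or wrong key
            Return Nothing
        Catch ex As FormatException          ' not valid encoded data
            Return Nothing
        End Try
    End Function
End Module
```

Treat a Nothing result from ReadProtected exactly like an absent cookie, since a user can also delete or refuse the cookie.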
You must pay close attention to the type of data you store in cookies. I suggest you follow these guidelines.
- Cookies are not designed to store critical information so storing passwords in a cookie is a bad idea.
- Keep the lifetime of a cookie as short as practically possible.
- Encrypt cookie data to help protect the values stored in the cookie.
Client-Side Method State Management Summary
Table 1 summarizes client-side state management techniques and when you should consider using them.
Table 1: Client-side state management techniques overview.
When to Use
Use when you need to store small amounts of data for a page that posts back to itself.
Use when you are transporting small amounts of non-secure data from one page to another.