Browse DevX
Sign up for e-mail newsletters from DevX


Client- and Server-side Solutions to Managing State in ASP.NET : Page 4

Whether you are building a traditional Windows application or a Web-based application, state is what an application knows about the user, their current interaction with the application, and other pieces of global information. Get a full assessment of the best techniques for managing state.




Building the Right Environment to Support AI, Machine Learning and Deep Learning

Client-Based Technique #3: Cookies
Mmmmmm cookies and milk...no, not that kind of cookies. Using cookies is another client-based technique to help the server "remember" things about a returning Web page. Cookies are small pieces of information stored on the client computer. They are limited to storing only character data and they are limited to 4K in size. Session cookies and persistent cookies are the two types of cookies.

Session Cookies
Session cookies are stored in-memory during the client browser session. When the browser shuts down the session cookies are lost. You can create session cookies by calling the Add method of the Cookies collection on the Response object. The Cookies collection contains individual cookie objects of type HttpCookie. The following code creates a UserName cookie containing the name Jim.

Dim objCookie As New HttpCookie("UserName", "Jim") Response.Cookies.Add(objCookie)

You read the cookie created above like this.


Persistent Cookies
Persistent cookies work the same way as session cookies. The difference between the two is that persistent cookies have an expiration date. The expiration date indicates to the browser that it should write the cookie to the client's hard drive. You can create persistent cookies to last for a couple days or a couple years. Keep in mind that because a user can delete cookies from their machine that there is no guarantee that a cookie you "drop" on a user machine will be there the next time they visit your site.

Persistent cookies are typically used to store information that identifies a returning user to a Web site. Typical information found in cookies includes user names and user IDs.

You create persistent cookies the same way as session cookies—by calling the Add method of the Cookies collection on the Response object. Again, the only difference is the persistent cookie has a set expiration date.

Dim objCookie As New HttpCookie("MyCookie", "Rod Paddock") objCookie.Expires = #12/31/2004# Response.Cookies.Add(objCookie)

You read a persistent cookie the same way you read a session cookie.


Cookie Dictionary
A cookie dictionary is a single cookie that stores multiple pieces of information. You use the Values property to access and assign new values to the cookie dictionary.

You create a cookie dictionary with code like this.

Dim objCookieDictionary As New _ HttpCookie("Preferences") objCookieDictionary.Values("UserName") = _ "Jim" objCookieDictionary.Values("LastVisit") = _ Now.Date objCookieDictionary.Values("Country") = _ "USA" objCookieDictionary.Expires = _ DateTime.MaxValue Response.Cookies.Add(objCookieDictionary)

You retrieve a value from a cookie dictionary with code like this.

Dim MyCookie As HttpCookie = _ Request.Cookies("Preferences") If Not MyCookie Is Nothing Then Dim Username As String = _ MyCookie.Values("UserName") Dim Country As String = _ MyCookie.Values("Country") Dim LastVisit As String = _ MyCookie.Values("LastVisit") End If

Advantages of Using Cookies
Cookies are great for storing small pieces of frequently changing information on a user's machine, because:

  • Cookies are easy to implement.
  • Cookies do not require any server resources since they are stored on the client.
  • You can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client computer (persistent cookies).
Disadvantages of Using Cookies
You should keep in mind though, that:

  • A user can delete a cookie.
  • A user can refuse a cookie.
  • Cookies exist as plain text on the client machine and they may pose a possible security risk since someone (or code) with control of a user's computer can open and tamper with cookies.
Paying Attention to Cookie Security
You must pay close attention to the type of data you store in cookies. I suggest you follow these guidelines.

  • Cookies are not designed to store critical information so storing passwords in a cookie is a bad idea.
  • Keep the lifetime of a cookie as short as practically possible.
  • Encrypt cookie data to help protect the values stored in the cookie.
Client-Side Method State Management Summary
Table 1 summarizes client-side state management techniques and when you should consider using them.

Table 1: Client-side state management techniques overview.


When to Use


Use when you need to store small amounts of data for a page that posts back to itself.


Use when you need to store small amounts of non-secure data on the user's machine. Use cookies as a user identifier and avoid storing critical or sensitive information in them.

Query String

Use when you are transporting small amounts of non-secure data from one page to another.

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date