Click here to Skip to main content
15,850,750 members
Articles / Web Development / ASP.NET

Beginner's Guide to ASP.NET Cookies

Rate me:
Please Sign up or sign in to vote.
4.64/5 (195 votes)
29 Dec 2008CPOL8 min read 546.6K   365   119
This article describes Cookies, persistent and non-persistent cookies, their uses, cookie munging etc.

Table of Contents


First of all, I would like to thank all of the readers who have read my previous articles and voted for me. Wow.. what a great support I have got from you people. Again, thanks to Sean Ewington for starting up a very fantastic idea with the Beginner's Walk for Web Development article. I have written a few articles for beginners. I really felt great when my Beginner's Guide to ViewState article was displayed on the CodeProject Home page Editor's Choice section. Following are the articles that I have written so far for beginners.

Cookies, Session, and Application object are in my queue. Now it's time for learning about cookies. I have spent a lot of time to prepare this article. And you will be very surprised to know that the Introduction part is the last topic which I am writing before posting the article. I have read many articles, books before writing this article. I have done some hands on projects also. Hope I have explained this well and I hope you people will like it. Please give your suggestions and feedback.

What are Cookies?

Cookies are the small files that are created on the client's system or client browser memory (if temporary). It is used for state management which I have already discussed in my ViewState article. We can store small pieces of information in a client system and use it when needed. The most interesting thing is that it works transparently with the user. It can be easily used anywhere in your web application. Cookies store information in plain text format. If a web application uses cookies, the server sends cookies and the client browser will store it. The browser then returns the cookie to the server the next time the page is requested. The most common examples of using a cookie are to store user information, user preferences, password remember option, etc. Cookies have many advantages and disadvantages. I will come to this later on, but first, have a look at how cookies are started.

How are Cookies started?

When a client requests to the server, the server sends cookies to the client. The same cookies can be referred to for subsequent requests. For example, if stores the session ID as cookies, when a client hits the first time on the server, the server generates the session ID and sends it as a cookie to the client [as shown in Fig. 1.0.].


Fig. 1.0: Initial state of cookie creation

Now for all subsequent requests from the same client, it uses the session-ID from the cookies, just like in the picture below:


Fig. 1.1: Subsequent request for other pages

The browser and web server are responsible for exchanging cookies information. For different sites, the browser keeps cookies differently. If a page needs information from the cookies, when that URL is hit, first it searches the local system for cookies information, then it is moved to the server with that information.

Advantages of Cookies

Following are the main advantages of using cookies in a web application:

  • It's very simple to use and implement.
  • Browser takes care of sending the data.
  • For multiple sites with cookies, the browser automatically arranges them.

Disadvantages of Cookies

The main disadvantages of cookies are:

  • It stores data in simple text format, so it's not secure at all.
  • There is a size limit for cookies data (4096 bytes / 4KB).
  • The maximum number of cookies allowed is also limited. Most browsers provide limits the number of cookies to 20. If new cookies come, the old ones are discarded. Some browsers support up to 300.
  • We need to configure the browser. Cookies will not work on a high security configuration of the browser. [I have explained this in details.]

How to create Cookies

For working with cookies, we need to use the namespace System.web.


Have a look at the code and see how we create cookies and add it with a web response.


The cookies which have been created will persist until the browser is closed. We can persist cookies beyond that. But how? I have explained this below.

How to read data from Cookies

Now it is time to retrieve data from the cookies. Before reading the cookies, first we need to check whether a cookie was found or not. It is always a good practice to check a cookie before reading it, because the browser might have disabled cookies.


What are persistent and non-persistent Cookies?

We can classify cookies into two:

  • Persistent Cookies
  • Non-persistent Cookies

Persistent cookies: These can be called permanent cookies, which are stored in the client hard-drive until they expire. Persistent cookies should be set with an expiration dates. Sometimes thet stays until the user deletes the cookies. Persistent cookies are used to collect identification information about a user from the system. I have discussde about the creation of persistent cookies in the "How to make persistant Cookies" section.

Non-persistent Cookies: These can be called temporary Cookies. If there is no expiration time defined, then the cookie is stored in the browser memory. The example which I have shown above is a non-persistent cookie.

There is no difference between modifying a persistent and non-persistent cookie. The only difference between them is persistent cookies should have an expatriation time defined.

How to make persistent Cookies?

I have already given an example of non-persistent cookies. For persistent cookies, we need to add an expiration time. In the given code, I have specified 5 days.

//Creting a Cookie Object
HttpCookie _userInfoCookies = new HttpCookie("UserInfo");

//Setting values inside it
_userInfoCookies["UserName"] = "Abhijit";
_userInfoCookies["UserColor"] = "Red";
_userInfoCookies["Expire"] = "5 Days";

//Adding Expire Time of cookies
 _userInfoCookies.Expires = DateTime.Now.AddDays(5);

//Adding cookies to current web response

The most interesting thing is where they are stored in the hard drive.

Where are Cookies stored in the local hard drive?

This is one of the interesting things to know to find out cookies in your local drive. First of all, from Explorer Folder Options, select show hidden files and folders.


Fig 1.2 : Show Hidden files and Folders settings

Now browse into Documents & Settings of the current user and open the cookies folder. Take a look at this picture.


Fig 1.3 : Reading Cookies info in the local System

How to remove persistent Cookies before its expiration time?

This is a funny task. If you want to remove persistent cookies before the expiration date, the only way is to replace them with cookies with a past expiration date.

HttpCookie _userInfoCookies = new HttpCookie("UserInfo");
//Adding Expire Time of cookies before existing cookies time
_userInfoCookies.Expires = DateTime.Now.AddDays(-1);
//Adding cookies to current web response

How to control Cookies scope?

We can controll the scope of cookies the following ways:

  • Limiting Cookies to Path
  • Limiting Cookies Domain

What is Cookie Munging?

By default, ASP.NET uses cookies to stores session IDs, but as I have already mentioned, some browser do not support cookies. To overcome this problem, ASP.NET uses "Cookie Munging" to manage session variables without cookies.

[Though this is related with Session, I am just giving a basic overview. I will explain this in detail in my next article which will be on Session.]

Why are we using Cookie Munging in ASP.NET?

There are some specific reasons to use cookie munging in ASP.NET:

  • Some browsers do not support cookies.
  • Sometimes users disable cookies in the browser.

How Cookie Munging works

When the user requests for a page on the server, the server encodes the session ID and adds it with every HREF link in the page. When user click on a link, ASP.NET decodes that session ID and passes it to the page that the user has requested. Now the requesting page can retrieve any session variable. This all happens automatically if ASP.NET detects that the user's browser does not support cookies.


Fig .1.4 : Steps of Cookie Munging

How to implement Cookie Munging

For this, we have to make session state cookie-less.

<sessionState cookieless= "true />

I am stopping here on this topic. I will explain it in detail when I write an article on Session.

How to configure Cookies in the browser

We can now take a look at how we can configure the browser for enabling/disabling cookies. I have already discussed about settings in the IE browser. Click on Tools -> Internet Options -> go to Privacy tab. There you will be able to see a scroll bar with the following options:

  • Accept All Cookies
  • Low
  • Medium
  • Medium High
  • Block All Cookies


The first option will accept all cookies and the last option will block all cookies. You can get the details of those settings while scrolling the bar.


There are many topics to learn about cookies. I have covered just a small portion. Hope this will help all beginners to get familiar with cookies. Please give your feedback and suggestions.


  • Written on 20-Dec-08, Saturday.
  • Updated info on browser configuration: 22-Dec-08.



This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By
Technical Lead
India India
.NET Consultant | Former Microsoft MVP - ASP.NET | CodeProject MVP, Mentor, Insiders| Technology Evangelist | Author | Speaker | Geek | Blogger | Husband

Blog :
Web Site :
Twitter : @AbhijitJana
My Kinect Book : Kinect for Windows SDK Programming Guide

Comments and Discussions

Bugthere will be missing link on Exploring Caching in ASP.NET article Pin
Dharmesh .S. Patil12-Jul-15 21:01
professionalDharmesh .S. Patil12-Jul-15 21:01 
GeneralMy Vote 5 Pin
Dharmesh .S. Patil12-Jul-15 20:45
professionalDharmesh .S. Patil12-Jul-15 20:45 
GeneralMy vote of 5 Pin
pateldeepp28-Oct-14 23:06
pateldeepp28-Oct-14 23:06 
GeneralMy vote of 5 Pin
ratedam11-Sep-14 11:48
ratedam11-Sep-14 11:48 
GeneralMy vote of 4 Pin
Member 1099757312-Aug-14 1:37
Member 1099757312-Aug-14 1:37 
GeneralMy vote of 4 Pin
SaadZulfiqar15-Jul-14 2:46
SaadZulfiqar15-Jul-14 2:46 
SuggestionGood One Pin
Baroor7-May-14 0:43
Baroor7-May-14 0:43 
QuestionGud one Pin
Guna143126-Mar-14 23:40
Guna143126-Mar-14 23:40 
Questionfeedback Pin
pamu5417-Sep-13 1:16
pamu5417-Sep-13 1:16 
GeneralMy vote of 5 Pin
Pratik Bhuva29-Aug-13 23:35
professionalPratik Bhuva29-Aug-13 23:35 
Short & Sweet
Questionperfect Pin
Deepak Rana1123-Aug-13 3:17
professionalDeepak Rana1123-Aug-13 3:17 
GeneralMy vote of 5 Pin
Nitin_star20-Jun-13 21:47
Nitin_star20-Jun-13 21:47 
Suggestionbest practices Pin
Megaman_zero17-Jun-13 7:43
professionalMegaman_zero17-Jun-13 7:43 
SuggestionCookies Vulnerability Pin
Megaman_zero17-Jun-13 7:37
professionalMegaman_zero17-Jun-13 7:37 
GeneralMy vote of 5 Pin
Akshay Jani17-Jun-13 4:34
Akshay Jani17-Jun-13 4:34 
GeneralMy vote of 5 Pin
NeenaM12-Jun-13 9:22
NeenaM12-Jun-13 9:22 
GeneralMy vote of 5 Pin
Chinmayasri Behera12-Apr-13 7:07
Chinmayasri Behera12-Apr-13 7:07 
GeneralMy vote of 5 Pin
Akiii_Lethal21-Feb-13 16:18
Akiii_Lethal21-Feb-13 16:18 
GeneralMy vote of 5 Pin
RajaPrabu29-Jan-13 18:58
RajaPrabu29-Jan-13 18:58 
GeneralMy vote of 5 Pin
ffowler8-Jan-13 9:28
ffowler8-Jan-13 9:28 
SuggestionThanks Pin
aspplus6-Jan-13 13:26
aspplus6-Jan-13 13:26 
GeneralMy vote of 5 Pin
Velkumar Kannan30-Oct-12 19:03
Velkumar Kannan30-Oct-12 19:03 
GeneralMy vote of 5 Pin
vikashSrivastava10-Sep-12 3:31
vikashSrivastava10-Sep-12 3:31 
QuestionPersistent cookies share the session between tabs? Pin
jeyamothi3-Sep-12 22:29
jeyamothi3-Sep-12 22:29 
GeneralMy vote of 3 Pin
Ankit Kumar24-Aug-12 21:31
Ankit Kumar24-Aug-12 21:31 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.