Session and Cookie Management in .Net - PowerPoint PPT Presentation

Session and Cookie Management in .Net Sandeep Kiran Shiva UIN: 00822389 – PowerPoint PPT presentation

Provided by: ssh108
1
Session and Cookie Management in .Net
Sandeep Kiran Shiva UIN 00822389
2
State Management Overview
  • A new instance of the Web page class is created each time the page is posted to the server.
  • HTTP is a stateless protocol!
  • ASP.NET options for State Management
  • Client Based
    • View state
    • Control state
    • Hidden fields
    • Cookies
    • Query strings
  • Server Based
    • Application state
    • Session state
    • Profile Properties

3
Cookies-Introduction
  • A cookie is a small bit of text that accompanies requests and pages as they go between the Web server and browser. The cookie contains information the Web application can read whenever the user visits the site.
  • A cookie consists of one or more name-value pairs containing bits of information, which may be encrypted for information privacy and data security purposes.
  • Uses
    • Authentication
    • Session tracking (state maintenance)
    • Storing site preferences
    • Shopping cart contents
    • The identifier for a server-based session
    • Anything else that can be accomplished through storing textual data

4
Write a Cookie

    Response.Cookies["userName"].Value = "patrick";
    Response.Cookies["userName"].Expires = DateTime.Now.AddDays(1);

>> Here, the values of the Cookies collection are set directly.

    HttpCookie aCookie = new HttpCookie("lastVisit");
    aCookie.Value = DateTime.Now.ToString();
    aCookie.Expires = DateTime.Now.AddDays(1);
    Response.Cookies.Add(aCookie);

>> Here, the code creates an instance of an object of type HttpCookie.

Read a Cookie

    if (Request.Cookies["userName"] != null)
        Label1.Text = Server.HtmlEncode(Request.Cookies["userName"].Value);

    if (Request.Cookies["userName"] != null)
    {
        HttpCookie aCookie = Request.Cookies["userName"];
        Label1.Text = Server.HtmlEncode(aCookie.Value);
    }
5
Delete a Cookie

    HttpCookie aCookie;
    string cookieName;
    int limit = Request.Cookies.Count;
    for (int i = 0; i < limit; i++)
    {
        cookieName = Request.Cookies[i].Name;
        aCookie = new HttpCookie(cookieName);
        aCookie.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(aCookie);
    }

Cookie Scope

    HttpCookie appCookie = new HttpCookie("AppCookie");
    appCookie.Value = "written " + DateTime.Now.ToString();
    appCookie.Expires = DateTime.Now.AddDays(1);
    appCookie.Path = "/Application1";
    Response.Cookies.Add(appCookie);
6
  • Drawbacks
  • Cookie Hijacking: Cookie theft is the act of intercepting cookies by an unauthorized party.

This issue can be overcome by securing the communication between the user's computer and the server: employ Transport Layer Security (the HTTPS protocol) to encrypt the connection, and set the Secure flag so that the browser sends the cookie only over HTTPS.
  • Cross-site Scripting: making the browser itself send cookies to malicious servers that should not receive them. Encrypting cookies before sending them on the network does not help against this attack.

A way of preventing such attacks is to use the HttpOnly flag, which keeps client-side script from reading the cookie.
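
Added example, not part of the original slides: one way to apply the Secure and HttpOnly flags described above in ASP.NET Web Forms code, including the case of deleting a path-scoped cookie. The `CookiePolicy` class and its method names are hypothetical, and the code assumes the site is served only over HTTPS.

```csharp
using System;
using System.Web;

// Added example (hypothetical helper, not from the slides).
public static class CookiePolicy
{
    // Build a cookie that is sent only over HTTPS (Secure) and is
    // hidden from client-side script (HttpOnly).
    private static HttpCookie Build(string name, string value, string path, DateTime expires)
    {
        return new HttpCookie(name, value)
        {
            Path = path,
            Expires = expires,
            Secure = true,
            HttpOnly = true
        };
    }

    public static void Issue(HttpResponse response, string name, string value,
                             string path, TimeSpan lifetime)
    {
        response.Cookies.Add(Build(name, value, path, DateTime.Now.Add(lifetime)));
    }

    // Browsers match a cookie on name, domain and path, so the expired
    // replacement must carry the same Path as the cookie it deletes.
    public static void Expire(HttpResponse response, string name, string path)
    {
        response.Cookies.Add(Build(name, string.Empty, path, DateTime.Now.AddDays(-1)));
    }

    // Safety net for cookies set elsewhere in the application:
    // flag every cookie that is about to be sent with this response.
    public static void EnforceFlags(HttpResponse response)
    {
        for (int i = 0; i < response.Cookies.Count; i++)
        {
            HttpCookie cookie = response.Cookies[i];
            cookie.Secure = true;
            cookie.HttpOnly = true;
        }
    }
}

// In Global.asax.cs, call the safety net once per request:
//   protected void Application_EndRequest(object sender, EventArgs e)
//   { CookiePolicy.EnforceFlags(Response); }
```

The same defaults can be set declaratively with the httpCookies element (httpOnlyCookies="true" requireSSL="true") in the system.web section of Web.config.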
7
Sample code

    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.Cookies["id"] != null)
            {
                string userId = Request.Cookies["id"].Value;
                // Cookie values come from the browser; encode them before writing to the page.
                Response.Write("User Id value: " + Server.HtmlEncode(userId));
            }

            HttpCookie cookie = Request.Cookies["user"];
            // For safety, always check for NULL. If the cookie doesn't exist, it will be NULL.
            if (cookie != null)
            {
                string name = cookie["name"];
                string age = cookie["age"];
                lblCookieExistance.Text = "Multi-valued Cookie exist<br>";
                lblCookieExistance.Text += string.Format("Name: {0}<br>Age: {1}",
                    Server.HtmlEncode(name), Server.HtmlEncode(age));
            }
            else
            {
                lblCookieExistance.Text = "Cookie not exist";
            }
        }

        protected void CreateCookieClicked(object sender, EventArgs e)
        {
            Response.Cookies["id"].Value = "10";
            Response.Cookies["id"].Expires = DateTime.Now.AddDays(1);
        }
8
        protected void btnRemoveCookie_Click(object sender, EventArgs e)
        {
            // Expiring the cookie in the past tells the browser to delete it.
            Response.Cookies["id"].Expires = DateTime.Now.AddDays(-1);
            lblMessage.Text = "Cookie deleted. Try opening the same page in another window of the same browser";
        }

        protected void btnCreateMultiValuedCookie_Click(object sender, EventArgs e)
        {
            // One cookie carrying several name-value subkeys.
            HttpCookie cookie = new HttpCookie("user");
            cookie["name"] = "Foo";
            cookie["age"] = "22";
            cookie.Expires = DateTime.Now.AddDays(1);
            Response.Cookies.Add(cookie);
            lblMessage.Text = "Cookie created";
        }
    }

Demo ..
9
Sessions - Introduction
  • ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application.

Fig: For every client, session data is stored separately.
10
  • Advantages Of Sessions
    • It helps to maintain user state and data across the whole application.
    • It is easy to implement, and any kind of object can be stored.
    • Every client's data is stored separately.
    • Session is secure and transparent to the user.
    • Session variables allow for customization of a web site.
  • Disadvantages
    • Performance overhead with a large volume of users, because session data is stored in server memory.
    • Overuse of Session variables can lead to very unreadable and unmaintainable code.

11
  • Session Variables
    • Used to store data about the current user and his session.
  • Storing values in Session Variables

    Session["FirstName"] = FNameTB.Text;
    Session["LastName"] = LNameTB.Text;

  • Retrieving values from Session Variables

    // Check whether the session variable is null or not
    if (Session["DataSet"] != null)
    {
        // Retrieving DataSet from Session
        MyDs = (DataSet)Session["DataSet"];
    }
    else
    {
        // Do something else
    }

12
  • Session ID
    • ASP.NET uses a 120-bit identifier to track each session.
    • When the client communicates with the server, only the session ID is transmitted.
    • When the client requests data, ASP.NET looks up the session ID and retrieves the corresponding data.

13
Removing Session From Session Variable

The following methods are used to remove session data.

    Method                            Description
    Session.Remove(strSessionName)    Removes an item from the session state collection
    Session.RemoveAll()               Removes all items from the session collection
    Session.Clear()                   Removes all items from the session collection
    Session.Abandon()                 Cancels the current session

Note: There is no difference between Clear and RemoveAll. RemoveAll() calls Clear() internally.
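
Added example, not part of the original slides: the methods in the table above combined into a sign-out routine. `Session.Abandon()` cancels the server-side session but leaves the session ID cookie in the browser, so the routine also expires that cookie. The `SessionTeardown` class and `EndSession` method are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.SessionState;

// Added example (hypothetical helper, not from the slides).
public static class SessionTeardown
{
    public static void EndSession(HttpContext context)
    {
        HttpSessionState session = context.Session;
        if (session == null)
            return;                 // session state is disabled for this handler

        session.Clear();            // drop the stored items immediately
        session.Abandon();          // cancel the session at the end of this request

        if (session.IsCookieless)
            return;                 // the ID travels in the URL, there is no cookie to expire

        // Read the cookie name from Web.config rather than assuming
        // the default, "ASP.NET_SessionId".
        var section = (SessionStateSection)
            WebConfigurationManager.GetSection("system.web/sessionState");

        // Overwrite the browser's session cookie with an empty, expired one.
        var expired = new HttpCookie(section.CookieName, string.Empty)
        {
            Expires = DateTime.Now.AddDays(-1),
            HttpOnly = true
        };
        context.Response.Cookies.Add(expired);
    }
}

// From a page's sign-out handler:
//   SessionTeardown.EndSession(Context);
```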
14
  • Cookieless Sessions
  • The SessionID is stored in a non-expiring session cookie in the browser by default. You can specify that session identifiers not be stored in a cookie by setting the cookieless attribute to true in the sessionState section of the Web.config file.

    <configuration>
      <system.web>
        <sessionState cookieless="true" />
      </system.web>
    </configuration>

  • ASP.NET maintains cookieless session state by automatically inserting a unique session ID into the page's URL:

    http://www.abcdefg.com/s(lit3py55t21z5v55vlm25s55)/orderform.aspx


16
Thank You!