CIS 451: Cookies

1
CIS 451 Cookies

• Dr. Ralph D. Westfall
• February, 2009

2
Problem

• server mostly tracks requests for files
• very efficient for high volume of users
• memory doesn't know who is asking for files
• even if from link on file in same web site
• to help server, could send identification
• identification needs to associated with all files
  requested by same user of application
• use HTML "hidden fields" in later pages?
• ltINPUT TYPE"hidden" NAME" " VALUE" "gt

3
Possible Solutions

• password login ( hidden fields)
• advantage highest security
• disadvantage extra work for customer
• automated identification ( hidden)
• could generate a random to ID customer
• advantage no extra work for customer
• disadvantage only good for one session
• can' track repeat visits by same person

4
Another Solution Cookies

• information stored in file on client computer
• National Semiconductor cookies policy
• advantages
• user only needs to enter data one time
• data "persists," so it is available in later
  sessions
• disadvantages
• some users won't allow cookies (very few?)
• cookies can be removed from user's computer
• expire, replaced by newer ones, or cleared by user

5
Cookies

• cookies have names
• a cookie can have multiple values
• cookie data accessed by the cookie's name (and by
  the keys if more than one value)
• cookies are part of both the Request and Response
  ASP intrinsic objects
• created by Response.Cookies methods
• stored in Request.Cookies "collection"

6
Working with Cookies

• creating
• Response.Cookies("cookie")("key") "value"
• 'substitute "literals" or string variables for
• 'items within " "
• 'note similarities to selection of multiple
• 'items in a ListBox on HTML or .NET form
• deleting
• Response.Cache.SetExpires _ 'line continuation
• (DateTime.Now.AddDays(-5))'positive or negative
• 'negative value deletes on client
• 'but session still has data

7
Using QueryString in an aspx File

• can create the same effect sending from an aspx
  file as from a html file
• Response.Redirect("rsp.aspx?Name" _
• this.txtName.Text "LastName" _
• this.txtLastName.Text)
• values are URL encoded and visible in browser
  address of destination page
• one way to migrate from html to aspx

8
Working with Cookies - 2

• accessing
• strValue Request.Cookies("cookie")("key")
• 'note that data is accessed from Request object
• counting cookies
• intCount Request.Cookies.Count 1
• '0 based need to add 1 to get actual

9
Viewing Cookies

• install Web Developer add-on for Firefox
• CookiesgtView Cookie Information

10
Cookie Exercise

• create a web project in VB.NET
• add one TextBox and a Button to the Default.aspx
  form
• add another form named CookieRead.aspx and add a
  Label to it

11
Cookie Exercise - 2

• double-click on each form to create the aspx.vb
  code-behind files
• or right-click on the file names in Solution
  ExplorergtView Code
• download cookiewrite.aspx and cookieread.aspx
  from Code Samples
• use the code examples to get the two pages to run

12
Cookie Exercise - 3

• make enhancements
• add some more input fields to Default.aspx and
  modify CookieRead.aspx to output these new fields
• add a Button to reset TextBoxes to blanks rather
  than reloading cookie values
• add Button to 2nd page to delete cookie