Today I had to develop very simple and standard functionality with cookies. I’ll describe this shortly.
Task
When user visits a site for the first time a disclaimer page must be displayed. Once the user agree with it a cookie value is changed to “true” and the next time the user opens the site the disclaimer is not displayed.
Problem
The cookie is lost when the browser is closed if you change cookie value.
Research
Below is some example code that I used to investigate the problem:
- Open Visual Studio
- Create new web site
- Copy and paste the following code to the Page_Load method of defaut.aspx.cs file:
if (Request.Cookies["test"] == null) { HttpCookie cookieDisclaimer = new HttpCookie("test", "cookie test"); cookieDisclaimer.Expires = DateTime.MaxValue; // the cookie never expires Response.Cookies.Add(cookieDisclaimer); Response.Write("cookie added"); } else { // NOTE: We'll add some lines here later Response.Write(Request.Cookies["test"].Value); } - Buld the website and open in a browser
- The first time the browser opens the cookie is created. Click F5 several times and you’ll see cookie value displayed.
- Close the browser, open it again and navigate to the website URL. You’ll see directly the the cookie value which means that the cookie exists.
Now let’s update the code, so cookie value is changed.
Add the following code below “NOTE: We’ll add some lines here later”:
Response.Cookies["test"].Value = "cookie test";
Execute the steps described above and you’ll see that every time you open a browser the cookie is created. So the cookie expires when the browser is closed.
According to me this is not the correct cookie behaviour. Correct me if I’m wrong
Solution
The solution is simple: everytime you change the cookie value, you need to set cookie expiration date too.
So adding the following code after “NOTE: We’ll add some lines here later” fix the problem:
Response.Cookies["test"].Value = "cookie test"; Response.Cookies["test"].Expires = DateTime.MaxValue;
I hope the solution above is useful.
browser, close, cookie, lost persist
Cookie without expire date is “session cookie”. It acts the same way Session variables do.
Consider also setting HttpCookie.Domain and HttpCookie.Path members, because if you set cookie at www.domain.com, you might not be able to read it from https://secure.domain.com/
Thanks for the advice about Domain and Path members.
I know that without setting expire date the cookie will behave like a “session cookie”. But the fact is that I’m setting the expiration date. The strange thing was that once I change the cookie value this expiration date is lost. So the steps are:
1) Create a cookie
2) Set cookie expiration date
3) Add cookie to Cookies collection
Then if you change the cookie value, the expiration date set in step 2 is lost and the cookie starts to behave like a “session cookie”.
That’s why I’m saying above that “everytime you change the cookie value, you need to set cookie expiration date too”.
I hope this comment crerifies the misunderstanding.
Thanks a lot. Very useful this trick!!!!!!
If the ASP.NET Session Id cookie is set to expire immediately on browser close, will this trigger the Session_End event on the server?
Thanks,
/Daniel
Thanks a lot…very nice explaination and solution.