How to prevent a cookie from being sent
I want to prevent a certain cookie from being posted from the client on each request.
My app has 2 cookies. One is used in FormsAuthentification and is required throughout the lifetime of the app, the other is just used for one form, a login form, on this form I use the cookie to pick up the user details only if they have ticked a "remember me" box.
When they tick the box the cookie is created and sent down to the client.
The problem is all future Requests attach this cookie too, even though I only require it on the login page..
Is there any way to prevent this cookie from being posted with every request and response?
HttpRequest.. I had to check that twice.. by the way what's the difference?
Also I've just come across the ASP.NET Login Control, could this be an alternative to the Cookie?
HttpRequest is used mostly to implement the Request property of HttpApplication and HttpContext in ASP.NET. I wouldn't suggest using that if you're spinning of a new requested--which would best be done with HttpWebRequest, depending on your circumstances.
So, you're setting the HttpWebRequest.Cookies property manually, or are you reusing the HttpWebRequest object for many unique requests? I'm trying to find out where you're getting the cookies and how they're being propagated to new requests...
I'm using HttpRequest.
The HttpCookie is being newed and added to the Response.
So the clients initial entry the HttpCookie is created, some user specific info set, it's added to the Response and sent to the Client.
It's now a Cookie on the Client side. Every Request the Cookie makes from now on has the Cookie attached, even though it's not always used.
If the user returns to this page then the data in the Cookie is used, Request.Cookie
;
This particular Cookie is not used in any other page.
The login.aspx.cs page
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (!this.IsPostBack)
{
HttpCookie rememberLogin = Request.Cookies.Get("rememberLogin");
if (rememberLogin != null)
{
LoginInfo loginInfo = new LoginInfo(Utility.Decrypt(rememberLogin.Value));
lblState.Text = loginInfo.GetProperty("UserState");
......
}
string sRedirectURL = Request.QueryString["ReturnUrl"];
...
}
}
catch
{
...
}
}
protected void Button1_Click(object sender, EventArgs e)
{
,....
if (chkRemember.Checked)
{
HttpCookie rememberLogin = new HttpCookie("rememberLogin", Utility.Encrypt(userLoginXML));
rememberLogin.Expires = DateTime.Now.AddDays(5);
Response.Cookies.Add(rememberLogin);
}
..........
}
 learnerplates wrote: |
I'm using HttpRequest.
The HttpCookie is being newed and added to the Response.So the clients initial entry the HttpCookie is created, some user specific info set, it's added to the Response and sent to the Client.
It's now a Cookie on the Client side. Every Request the Cookie makes from now on has the Cookie attached, even though it's not always used.
If the user returns to this page then the data in the Cookie is used, Request.Cookie;
This particular Cookie is not used in any other page. The login.aspx.cs page protected void Page_Load(object sender, EventArgs e)
{
try
{ if (!this.IsPostBack)
{
HttpCookie rememberLogin = Request.Cookies.Get("rememberLogin");
if (rememberLogin != null)
{
LoginInfo loginInfo = new LoginInfo(Utility.Decrypt(rememberLogin.Value)); lblState.Text = loginInfo.GetProperty("UserState");
......
}
string sRedirectURL = Request.QueryString["ReturnUrl"];
...
}
}
catch
{
...
}
} protected void Button1_Click(object sender, EventArgs e)
{
,....
if (chkRemember.Checked)
{
HttpCookie rememberLogin = new HttpCookie("rememberLogin", Utility.Encrypt(userLoginXML));
rememberLogin.Expires = DateTime.Now.AddDays(5);
Response.Cookies.Add(rememberLogin);
}
..........
} |
|
Sorry, thought your were creating the request... So, these are cookies that are coming from the client. A cookie may be created for a specific path, which may be the root of a specific site or page. If you're creating a cookie like this (which it appears you are as you're not setting the HttpCookie.Path property) then the client has no choice but to send that cookie with every request to that site. If the cookie applies only to a specific URI then you must specify that URI. It's not clear what HttpCookie.Path is by default when it applies to a Response object. HttpCookie.Path details "The default is the path of the current request."
Can you find out what your rememberLogin.Path value is after the call to Cookies.Add?
I haven't tried it; but, I would hope that "rememberLogin.Path = Request.Path;" does what you want. You may have to clear the client cookies for that to work as expected.
Peter Ritchie you is Da Man.
That worked a treat.
Set the Cookie.Path to the path of the Request, Request.Path before adding to the Response Cookie container.
"rememberLogin.Path = Request.Path;"A seperate cookie file is created on the Client which is only loaded when the specific page, the same page as set by the Request.Path.
Note: I've been using Fiddler to view the Http.
Thanks again Peter,
LP.
