Tuesday, October 9, 2012

A Beginner's guide for Cookies in ASP.NET

http://www.codeproject.com/Articles/422249/A-Beginners-guide-for-Understanding-and-Implementi

Type of Cookies

Cookies can be classified into various types based on their lifetime behavior and the domain they are stored for. Major type of cookies are:
  1. Session Cookies
  2. Persistent Cookies
  3. Secure Cookies
  4. Third Party Cookies
Session Cookies: This cookie lives in memory of the client computer and its lifetime depends on the current browser session. If the user closes the browser these cookies are deleted from the client machine. If the user visits the website again after closing the browser these cookies will not be available.
Persistent Cookies: Persistent cookies are the cookies that are stored on the secondary storage of the client machine. These cookies do not depend on the browser session. If the user closes the browser and then access the website again then these cookies will still be available. The lifetime of these cookies are specified in cookies itself (as expiration time). The maximum age of such cookies could be 1 year.
Secure Cookies: These cookies have an attribute for security. there cookies can only be accessed by the HTTPS connections and not HTTP connections. The reason for having this type of cookie is that it lessen the chances of cookie stealing/eavesdropping(more on this later in the article)
HttpOnly Cookies: This mode will allow the cookie to be accessed using HTTP or HTTPS requests. Such cookies will not be accessible by any other methods(JavaScript APIs for instance)
Third Party Cookies: First party cookies are the cookies which set the domain of the cookie same as the domain or sub-domain of the website that is being browsed. Third Party Cookies on the other hand are the cookies with domain set to different domain then the website being browsed. These cookies are mainly used for tracking user browsing patterns and/or finding the Advertisement recommendations for the user.

Use of Cookies

The main use of Cookies are:

State Management (Session Management)

The state management can be done using cookies. The cookies themselves are very good way to have client side state management that requires the state to e remembered between website visits.
Along with being client side state management, the cookies are also very useful in maintaining the sessions on servers. Session being a server side state management technique stores all the state related data on the server. But the server still need to uniquely identify the client to associate the correct session data with it. This is facilitated by Cookies.
ASP.NET Roles and Membership and Custom forms authentication also uses cookies for authentication and authorization. Please see the the following articles for details on these [3], [2]topics. There is a section at the end of this article which discusses the use of cookies in session management in details.

Web Page Personalization

Web page personalization can also be achieved using cookies. User can set there personalization preferences and these preferences can be saved on server. Using cookies we can identify the same user and then load the personalized version for him.
The User Profiles in ASP.NET, if tracking the anonymous users also uses cookies to track the anonymous users. More on user personalization can be found here [4]

Tracking User

Cookies are also user to track the user browsing patterns. This is mainly done to identify whether the user is visiting the site for the first time or is he a returning user. Also This is being done to find the Ad recommendations for the user.

No comments:

Post a Comment