What is the best practice for updating a cookie that was set on a previous request in ASP.NET?

About

Asked 1/4, 2011 at 18:53 Answered 10/4, 2011 at 4:7

asp.net httprequest httpresponse httpcookie httpcookiecollection

Here is the scenario. A cookie with the key "MyCookie" has been set on a previous request. I can access it via HttpContext.Request.Cookies.Get("MyCookie"). I want to perform an update such as adding another value to the Cookie Values collection, but I'm not 100% sure I am doing it right.

Am I doing this correctly in the following example?

   public static void UpdateCookie(HttpContext context, string cookieName, Action<HttpCookie> updateCookie){
        var cookie = context.Request.Cookies.Get(cookieName);
        updateCookie(cookie);
        context.Response.Cookies.Set(cookie);
   }

Hate answered 1/4, 2011 at 18:53 Comment(2)

Is this question better suited to codereview.stackexchange.com? I'm not sure. – Sulfanilamide 1/4, 2011 at 19:10

@Tuzo, I don't think so. My question is just about how to do something correctly. The code snippet is not something from my application. It's just the best way that I could think of to explain my current understanding. If you look at the first paragraph of the FAQ on codereview.stackexchange.com/faq, you will see it explicitly says Code Review is for questions that are "not about... best practices" – Hate 1/4, 2011 at 19:19

To update a cookie, you need only to set the cookie again using the new values. Note that you must include all of the data you want to retain, as the new cookie will replace the previously set cookie. I'm going to assume that your implementation of updateCookie() does just that.

Otherwise, your general premise is correct. Here's an implementation I've used many times to do just that. (Note: _page is a reference to the current Page):

/// <summary> 
/// Update the cookie, with expiration time a given amount of time from now.
/// </summary>
public void UpdateCookie(List<KeyValuePair<string, string>> cookieItems, TimeSpan? cookieLife)
{
    HttpCookie cookie = _page.Request.Cookies[COOKIE_NAME] ?? new HttpCookie(COOKIE_NAME);

    foreach (KeyValuePair<string, string> cookieItem in cookieItems)
    {
        cookie.Values[cookieItem.Key] = cookieItem.Value;
    }

    if (cookieLife.HasValue)
    {
        cookie.Expires = DateTime.Now.Add(cookieLife.Value);
    } 
    _page.Response.Cookies.Set(cookie);
}

Transpadane answered 10/4, 2011 at 4:7 Comment(1)

Setting response cookie based on requests cookie can cause writing some cookie properties that we don't want like SameSite=None. Example default SameSite value is set to -1 or to Lax this value is not send back by browser to server and request cookie have SameSite=None which is not what we want when we sent it again to browser. (I'm just fixing similar piece of code in my application, related to recent Chrome changes) – Taranto 7/7, 2020 at 21:56

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags