Export (0) Print
Expand All
6 out of 7 rated this helpful - Rate this topic

Response.Cookies Collection

IIS 6.0

The Cookies collection sets the value of a cookie. If the specified cookie does not exist, it is created. If the cookie exists, it takes the new value, and the old value is discarded.

Cookies should never be used to store secure data, such as passwords. Cookies are transmitted as clear text. If a malicious user taps an Internet connection, then they can take cookie data to impersonate a client and gain access to their data. If you must transmit sensitive data, do so on a Secure Sockets Layer (SSL) connection. For more information on SSL, see "Secure Sockets Layer" in IIS Help, which is accessible from IIS Manager.

Response.Cookies(cookie)[(key)| .attribute] =value

cookie

The name of the cookie.

key

An optional parameter. If key is specified, Cookie is a dictionary, and key is set to value.

attribute

Specifies information about the Cookie itself. The attribute parameter can be one of the following.

Name

Description

Domain

Write-only. If specified, the Cookie is sent only to requests to this domain.

Expires

Write-only. The date on which the Cookie expires. This date must be set in order for the Cookie to be stored on the client's disk after the session ends. If this attribute is not set to a date beyond the current date, the Cookie expires when the session ends.

HasKeys

Read-only. Specifies whether the cookie contains keys.

Path

Write-only. If specified, the Cookie is sent only to requests to this path. If this attribute is not set, the application path is used.

Secure

Write-only. Specifies whether the Cookie is secure.

Value

Specifies the value to assign to key or attribute.

If a Cookie with a key is created, as shown in the following script,


<%  
  Response.Cookies("mycookie")("type1") = "sugar" 
  Response.Cookies("mycookie")("type2") = "ginger snap" 
%>  


The following header is sent:


Set-Cookie:MYCOOKIE=TYPE1=sugar&TYPE2=ginger+snap 


A subsequent assignment to myCookie without specifying a key would destroy the type1 and type2 keys, as shown in the following example:


<% Response.Cookies("myCookie") = "chocolate chip" %>  


In the preceding example, the type1 and type2 keys are destroyed and their values are discarded. The myCookie cookie now has the value chocolate chip.

Conversely, if you use a Cookie with a key, it destroys any nonkey values that the Cookie contained. For example, if after the preceding code you call Response.Cookies with the following:


<% Response.Cookies("myCookie")("newType") = "peanut butter" %>  


The value chocolate chip is discarded and newType would be set to peanut butter.

To determine whether a cookie has keys, use the following syntax:


<%= Response.Cookies("myCookie").HasKeys %>  


If myCookie is a cookie dictionary, the preceding value is TRUE. Otherwise, it is FALSE.

You can use an iterator to set cookie attributes. For example, to set all of the cookies to expire on a particular date, use the following syntax:


<%  
  For Each cookie in Response.Cookies 
    Response.Cookie(cookie).Expires = #July 4, 1997# 
  Next 
%>  


You can also iterate through the values of all the cookies in a collection, or all the keys in a cookie. However, if you try to iterate through the values for a cookie that does not have keys, nothing will be returned. To avoid this, you can first use the .HasKeys syntax to check whether a cookie has any keys, as shown in the following example.


<%  
  If Not cookie.HasKeys Then 
    'Set the value of the cookie.  
    Response.Cookies(cookie) = "" 
  Else 
    'Set the value for each key in the cookie collection. 
    For Each key in Response.Cookies(cookie) 
      Response.Cookies(cookie)(key) = "" 
    Next 
%>  


The following examples demonstrate how you can set a value for a cookie and assign values to its attributes.

Caution noteCaution:

Do not store sensitive data, such as passwords or account numbers in cookies.

For more detailed information on security, see MS Press - Writing Secure Code.


<% 
  Response.Cookies("Type") = "Chocolate Chip" 
  Response.Cookies("Type").Expires = "July 31, 2001" 
  Response.Cookies("Type").Path = "/" 
%> 


Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.