How to: Read a Cookie
Cookies provide a means in Web applications to store user-specific information, such as history or user preferences. A cookie is a small bit of text that accompanies requests and responses as they go between the Web server and client. The cookie contains information that the Web application can read whenever the user visits the site.
The browser is responsible for managing cookies on a user system. Cookies are sent to the server with a page request and are accessible as part of theobject, which exposes a collection. You can read only cookies that have been created by pages in the current domain or path.
To read a cookie
Read a string from the Cookies collection using the cookie's name as the key.
The following example reads a cookie named
UserSettingsand then reads the value of the subkey named
If (Request.Cookies("UserSettings") IsNot Nothing) Then Dim userSettings As String If (Request.Cookies("UserSettings")("Font") IsNot Nothing) Then userSettings = Request.Cookies("UserSettings")("Font") End If End If
Compiling the Code
This example requires:
An ASP.NET Web page.
A cookie written previously named
UserSettings, as illustrated in the topic
For security reasons, you can read only cookies that are set by pages that are part of the same domain. If the cookie'sproperty has been set, that cookie is available only to pages and subfolders within that path of the domain.
When reading specific cookie values, test that the cookie exists and that it has a value, otherwise an exception will occur.
All values in a cookie are stored as type, so to work with cookie values as different data types, you must convert the value appropriately.
The browser can send the data back only to the server that originally created the cookie. However, malicious users can access cookies and read their contents. Do not store sensitive information in a cookie, such as a user name or password. Instead, store a token that you can use to look up the sensitive information on the server. Additionally, cookies can be tampered with, so any data in cookie should be treated with the same measures you use to prevent cross site scripting attacks. Seefor more information.