Session & Cookies
About Cookies :
Cookies are small pieces of information that are typically stored by your browser, and websites use cookies for multiple things.
- Cookies are often used to identify a user uniquely. The web server sends the cookie to the web browser, and the browser sends it back to the server each time it requests a page from that server. Each time the same computer requests a page with a browser, it will send the cookie too.
The purpose of a cookie is to store information about a particular client; the cookie is saved on the client device. We can access cookie information from the request, because the client sends the information in the cookie along with the request.
- It works transparently to the user. It can easily be used anywhere in your web application.
Cookies are divided into two types :
- Persistent Cookies
- Non-Persistent Cookies
Add & Remove Cookies :
To create a new cookie, we just need to create a new HttpCookie in a controller action.
Properties of the HttpCookie class :
Name : Contains the name of the key.
Domain : Using this property we can set the domain of the cookie.
HasKeys : Returns true if the cookie has subkeys.
Value : Returns the value of the key.
Secure : Returns true only if the cookie is to be passed over a secure connection.
Path : Contains the virtual path to be submitted with the cookie.
Simply put, use Request.Cookies (to retrieve) and Response.Cookies (to add).
Here is how to retrieve cookie information, as shown below.
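As an added example (not code from the original article), the following classic ASP.NET MVC controller adds a persistent and a non-persistent cookie, reads one back, and removes it. The controller, action and cookie names are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example for classic ASP.NET MVC (System.Web); all names are hypothetical.
public class CookieDemoController : Controller
{
    private const string ThemeCookie = "UiTheme";     // persistent cookie
    private const string VisitCookie = "VisitToken";  // non-persistent cookie

    public ActionResult Add()
    {
        // Persistent: Expires is set, so the browser keeps it across restarts.
        var persistent = new HttpCookie(ThemeCookie, "dark")
        {
            Expires = DateTime.Now.AddDays(7),
            Path = "/",
            HttpOnly = true,  // not readable from page script
            Secure = true     // sent only over HTTPS
        };
        Response.Cookies.Add(persistent);

        // Non-persistent: no Expires, so it is dropped when the browser closes.
        var transient = new HttpCookie(VisitCookie, Guid.NewGuid().ToString("N"))
        {
            Path = "/",
            HttpOnly = true,
            Secure = true
        };
        Response.Cookies.Add(transient);
        return Content("cookies set");
    }

    public ActionResult Read()
    {
        // Request.Cookies returns null when the cookie is absent. The value is
        // client-controlled, so accept only the values the application expects.
        HttpCookie cookie = Request.Cookies[ThemeCookie];
        bool valid = cookie != null && (cookie.Value == "dark" || cookie.Value == "light");
        return Content("theme = " + (valid ? cookie.Value : "light"));
    }

    public ActionResult Remove()
    {
        // There is no delete call: send the same name and path with a past expiry.
        var expired = new HttpCookie(ThemeCookie, string.Empty)
        {
            Expires = DateTime.Now.AddDays(-1),
            Path = "/"
        };
        Response.Cookies.Add(expired);
        return Content("cookie removed");
    }
}
```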
Session :
- We know that HTTP is a stateless protocol, which means a new instance of a web page is re-created each time the page is posted to the server, so it can't hold client information in a page.
The Session is used to store information about the client, and it is also used for passing along information about the current user. We can say that it is nothing more than a memory space in the form of a dictionary. It helps to maintain user data across the whole application.
Saving and retrieving user information
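// Save a value in the session
Session["key"] = "Mindstick";
// Session values are stored as object, so cast when reading them back
string getkey = (string)Session["key"];
Session variables hold information about one single user and are available to all pages in one application.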
Session Security Tips :
- Setting Timeout - Timing out sessions is a very important action if you are dealing with users logged in to your website or application.
- Regenerate Session ID - This function creates a new unique ID to represent the current user's session.
- Destroy Session - This stops attackers from hijacking a stale session and further increases security.
- Use Permanent storage - Use a database to store data at the earliest moment you know the data will be persistent.
Configuring session
- In the Startup class’s ConfigureServices method, call the AddMvc method on the IServiceCollection object passed to the method (AddMvc makes a default set of services available to your application).
- In the Configure method, call the UseMvc method on the IApplicationBuilder object passed to the method (that creates a default pipeline for processing requests and responses).
In this article, I tell you how to manage logged-in user information using session. The steps are given below.
This is a simple demo, so I'm not checking any authentication for login. I simply store the user id in the session and pass it to another view (e.g. EmployeeSection).
When you click on the Login button, you see the EmployeeSection view UI as in the image below.
Wait for 5 minutes. If you do not refresh the page within 5 minutes, the session expires, and the next time you refresh the page a session-expired message is displayed, as in the image below.
The session expiry time starts counting when you do nothing after login.
I hope this guide has been helpful for you 😃!!!