COOKIES

COOKIES:

1. Cookies are the small text files that the Web server writes on the client machine when the client's browser access their web site.
2. Cookies can be stored in plain text or can be stored in encrypted form.
3. Cookies are actually used to identify the users and facilitate the state management.- Since web applications are stateless we need some way to manage the state of the current client request. The state management can be done at server side or client side.
4. Cookies are client side state management techniques

Type of Cookies:

Cookies can be classified into various types based on their lifetime behavior and the domain they are stored for. Major type of cookies are:

1. Session Cookies
2. Persistent Cookies
3. Secure Cookies
4. Third Party Cookies
   

Session Cookies: This cookie lives in memory of the client computer and its lifetime depends on the current browser session. If the user closes the browser these cookies are deleted from the client machine. If the user visits the website again after closing the browser these cookies will not be available.
Persistent Cookies: Persistent cookies are the cookies that are stored on the secondary storage of the client machine. These cookies do not depend on the browser session. If the user closes the browser and then access the website again then these cookies will still be available. The lifetime of these cookies are specified in cookies itself (as expiration time). The maximum age of such cookies could be 1 year.
Secure Cookies: These cookies have an attribute for security. These cookies can only be accessed by the HTTPS connections and not HTTP connections. The reason for having this type of cookie is that it lessen the chances of cookie stealing/eavesdropping
HttpOnly Cookies: This mode will allow the cookie to be accessed using HTTP or HTTPS requests. Such cookies will not be accessible by any other methods(JavaScript APIs for instance)
Third Party Cookies: First party cookies are the cookies which set the domain of the cookie same as the domain or sub-domain of the website that is being browsed. Third Party Cookies on the other hand are the cookies with domain set to different domain then the website being browsed. These cookies are mainly used for tracking user browsing patterns and/or finding the Advertisement recommendations for the user.

Use of Cookies

The main use of Cookies are:

State Management (Session Management)

The state management can be done using cookies. The cookies themselves are very good way to have client side state management that requires the state to e remembered between website visits.
Along with being client side state management, the cookies are also very useful in maintaining the sessions on servers. Session being a server side state management technique stores all the state related data on the server. But the server still need to uniquely identify the client to associate the correct session data with it. This is facilitated by Cookies.
ASP.NET Roles and Membership and Custom forms authentication also uses cookies for authentication and authorization.

Web Page Personalization

Web page personalization can also be achieved using cookies. User can set personalization preferences and these preferences can be saved on server. Using cookies we can identify the same user and then load the personalized version for him.
The User Profiles in ASP.NET, if tracking the anonymous users also uses cookies to track the anonymous users.

Tracking User

Cookies are also user to track the user browsing patterns. This is mainly done to identify whether the user is visiting the site for the first time or is he a returning user. Also This is being done to find the Ad recommendations for the user.

Using the code

Cookie Attributes

As the life and behavior of cookies are governed by the cookie attributes. The attributes are
Secure: When this attribute is specified the cookie can only be accessed over HTTP. This reduces the chances of cookies getting stolen or eavesdropping of cookies.
Domain and Path: These two attributes are to identify the web site and the particular URL of that website for which this cookie is being set.
HTTPOnly: using this attribute the cookies are forced to be used over HTTP or HTTPS only. This reduce the chances of cross site scripting because the JavaScript APIs will not be able to access cookies.
Expires: This attribute specifies whether the cookie is persistent or non persistent. If we don't specify this attribute the cookie will be non persistent i.e. closing the browser will remove the cookie from the browser memory. If this attribute is specified then the cookie will be written on the client machine and will be valid till the time specified in this attribute is reached.

Implementing Cookies in ASP.NET

Develop a small sample application which will use cooies to track the user's name and the time of his last visit on this site. We will use a persistent cookie to remember this information.
Start by having a simple page that shows the user information i.e. name and last visit. The basic algorithm for implementing the desired functionality will be:

1. We will check if the time of last visit is present in the cookies.
2. If not then this is perhaps the first time user is visiting the site.
   1. We will show the default texts to him.
   2. Save the users visit time in a cookie.
   3. If the user chooses to save his name then save his name in a cookie.
3. If the cookie is present
   1. Load the data from the cookie
   2. Show the time of last visit
   3. If his user name is present show it
   4. Update the current time as the last visit time in the cookie
   5. If the user chooses to save his name then save his name in a cookie.