How can I create persistent cookies in ASP.NET?
Here's how you can do that.
Writing the persistent cookie.
//create a cookieHttpCookie myCookie = new HttpCookie("myCookie");//Add key-values in the cookiemyCookie.Values.Add("userid", objUser.id.ToString());//set cookie expiry date-time. Made it to last for next 12 hours.myCookie.Expires = DateTime.Now.AddHours(12);//Most important, write the cookie to client.Response.Cookies.Add(myCookie);
Reading the persistent cookie.
//Assuming user comes back after several hours. several < 12.//Read the cookie from Request.HttpCookie myCookie = Request.Cookies["myCookie"];if (myCookie == null){ //No cookie found or cookie expired. //Handle the situation here, Redirect the user or simply return;}//ok - cookie is found.//Gracefully check if the cookie has the key-value as expected.if (!string.IsNullOrEmpty(myCookie.Values["userid"])){ string userId = myCookie.Values["userid"].ToString(); //Yes userId is found. Mission accomplished.}
Although the accepted answer is correct, it does not state why the original code failed to work.
Bad code from your question:
HttpCookie userid = new HttpCookie("userid", objUser.id.ToString());userid.Expires.AddYears(1);Response.Cookies.Add(userid);
Take a look at the second line. The basis for expiration is on the Expires property which contains the default of 1/1/0001. The above code is evaluating to 1/1/0002. Furthermore the evaluation is not being saved back to the property. Instead the Expires property should be set with the basis on the current date.
Corrected code:
HttpCookie userid = new HttpCookie("userid", objUser.id.ToString());userid.Expires = DateTime.Now.AddYears(1);Response.Cookies.Add(userid);
FWIW be very careful with storing something like a userid in a cookie unencrypted. Doing this makes your site very prone to cookie poisoning where users can easily impersonate another user. If you are considering something like this I would highly recommend using the forms authentication cookie directly.
bool persist = true;var cookie = FormsAuthentication.GetAuthCookie(loginUser.ContactId, persist);cookie.Expires = DateTime.Now.AddMonths(3);var ticket = FormsAuthentication.Decrypt(cookie.Value);var userData = "store any string values you want inside the ticket extra than user id that will be encrypted"var newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userData);cookie.Value = FormsAuthentication.Encrypt(newTicket);Response.Cookies.Add(cookie);
Then you can read this at any time from an ASP.NET page by doing
string userId = null;if (this.Context.User.Identity.IsAuthenticated) { userId = this.Context.User.Identity.Name;}