Platform SDK: IIS SDK |
[IIS 5.0] [IIS 5.1] [IIS 6.0]
The Cookies collection sets the value of a cookie. If the specified cookie does not exist, it is created. If the cookie exists, it takes the new value, and the old value is discarded.
Cookies should never be used to store secure data, such as passwords. Cookies are transmitted as clear text. If a malicious user taps an internet connection, then they can take cookie data to impersonate a client and gain access to their data. If you must transmit sensitive data, do so on a Secure Sockets Layer (SSL) connection. For more information on SSL, see "Secure Sockets Layer" in IIS Help, which is accessible from IIS Manager.
Response.Cookies( cookie)[( key)|. attribute] = value
Name | Description |
---|---|
Domain | Write-only. If specified, the Cookie is sent only to requests to this domain. |
Expires | Write-only. The date on which the Cookie expires. This date must be set in order for the Cookie to be stored on the client's disk after the session ends. If this attribute is not set to a date beyond the current date, the Cookie expires when the session ends. |
HasKeys | Read-only. Specifies whether the cookie contains keys. |
Path | Write-only. If specified, the Cookie is sent only to requests to this path. If this attribute is not set, the application path is used. |
Secure | Write-only. Specifies whether the Cookie is secure. |
If a Cookie with a key is created, as shown in the following script,
<%
Response.Cookies("mycookie")("type1") = "sugar"
Response.Cookies("mycookie")("type2") = "ginger snap"
%>
The following header is sent:
Set-Cookie:MYCOOKIE=TYPE1=sugar&TYPE2=ginger+snap
A subsequent assignment to myCookie without specifying a key would destroy the type1 and type2 keys, as shown in the following example:
<% Response.Cookies("myCookie") = "chocolate chip" %>
In the preceding example, the type1 and type2 keys are destroyed
and their values are discarded. The myCookie cookie now has the value
chocolate chip
.
Conversely, if you use a Cookie with a key, it destroys any nonkey values that the Cookie contained. For example, if after the preceding code you call Response.Cookies with the following:
<% Response.Cookies("myCookie")("newType") = "peanut butter" %>
The value chocolate chip
is discarded and newType
would be set to peanut butter
.
To determine whether a cookie has keys, use the following syntax:
<%=index.html Response.Cookies("myCookie").HasKeys %>
If myCookie is a cookie dictionary, the preceding value is TRUE. Otherwise, it is FALSE.
You can use an iterator to set cookie attributes. For example, to set all of the cookies to expire on a particular date, use the following syntax:
<%
For Each cookie in Response.Cookies
Response.Cookie(cookie).Expires =index.html #July 4, 1997#
Next
%>
You can also iterate through the values of all the cookies in a collection, or all the keys in a cookie. However, if you try to iterate through the values for a cookie that does not have keys, nothing will be returned. To avoid this, you can first use the .HasKeys syntax to check whether a cookie has any keys, as shown in the following example.
<%
If Not cookie.HasKeys Then
'Set the value of the cookie.
Response.Cookies(cookie) = ""
Else
'Set the value for each key in the cookie collection.
For Each key in Response.Cookies(cookie)
Response.Cookies(cookie)(key) = ""
Next
%>
The following examples demonstrate how you can set a value for a cookie and assign values to its attributes.
<%
Response.Cookies("Type") =index.html "Chocolate Chip"
Response.Cookies("Type").Expires = "July 31, 2001"
Response.Cookies("Type").Path = "/"
%>
Caution Do not store sensitive data, such as passwords or account numbers in cookies. For more detailed information on security, see MS Press - Writing Secure Code
Platforms: Windows 2000 with IIS 5.0 installed, Windows XP
with IIS 5.1 installed, Windows Server 2003 family with IIS 6.0
installed
What
did you think of this topic? |
Order a Platform SDK CD |