Platform SDK: IIS SDK

      [IIS 5.0] [IIS 5.1] [IIS 6.0]

Response.Cookies Collection

The Cookies collection sets the value of a cookie. If the specified cookie does not exist, it is created. If the cookie exists, it takes the new value, and the old value is discarded.

Cookies should never be used to store secure data, such as passwords. Cookies are transmitted as clear text. If a malicious user taps an internet connection, then they can take cookie data to impersonate a client and gain access to their data. If you must transmit sensitive data, do so on a Secure Sockets Layer (SSL) connection. For more information on SSL, see "Secure Sockets Layer" in IIS Help, which is accessible from IIS Manager.

Syntax

Response.Cookies( cookie)[( key)|. attribute] = value

Parameters

cookie
The name of the cookie.
key
An optional parameter. If key is specified, Cookie is a dictionary, and key is set to value.
attribute
Specifies information about the Cookie itself. The attribute parameter can be one of the following.
Name Description
Domain Write-only. If specified, the Cookie is sent only to requests to this domain.
Expires Write-only. The date on which the Cookie expires. This date must be set in order for the Cookie to be stored on the client's disk after the session ends. If this attribute is not set to a date beyond the current date, the Cookie expires when the session ends.
HasKeys Read-only. Specifies whether the cookie contains keys.
Path Write-only. If specified, the Cookie is sent only to requests to this path. If this attribute is not set, the application path is used.
Secure Write-only. Specifies whether the Cookie is secure.
Value
Specifies the value to assign to key or attribute.

Remarks

If a Cookie with a key is created, as shown in the following script,

<% 

  Response.Cookies("mycookie")("type1") = "sugar"

  Response.Cookies("mycookie")("type2") = "ginger snap"

%> 

The following header is sent:

Set-Cookie:MYCOOKIE=TYPE1=sugar&TYPE2=ginger+snap

A subsequent assignment to myCookie without specifying a key would destroy the type1 and type2 keys, as shown in the following example:

<% Response.Cookies("myCookie") = "chocolate chip" %> 

In the preceding example, the type1 and type2 keys are destroyed and their values are discarded. The myCookie cookie now has the value chocolate chip.

Conversely, if you use a Cookie with a key, it destroys any nonkey values that the Cookie contained. For example, if after the preceding code you call Response.Cookies with the following:

<% Response.Cookies("myCookie")("newType") = "peanut butter" %> 

The value chocolate chip is discarded and newType would be set to peanut butter.

To determine whether a cookie has keys, use the following syntax:

<%=index.html Response.Cookies("myCookie").HasKeys %> 

If myCookie is a cookie dictionary, the preceding value is TRUE. Otherwise, it is FALSE.

You can use an iterator to set cookie attributes. For example, to set all of the cookies to expire on a particular date, use the following syntax:

<% 

  For Each cookie in Response.Cookies

    Response.Cookie(cookie).Expires =index.html #July 4, 1997#

  Next

%> 

You can also iterate through the values of all the cookies in a collection, or all the keys in a cookie. However, if you try to iterate through the values for a cookie that does not have keys, nothing will be returned. To avoid this, you can first use the .HasKeys syntax to check whether a cookie has any keys, as shown in the following example.

<% 

  If Not cookie.HasKeys Then

    'Set the value of the cookie. 

    Response.Cookies(cookie) = ""

  Else

    'Set the value for each key in the cookie collection.

    For Each key in Response.Cookies(cookie)

      Response.Cookies(cookie)(key) = ""

    Next

%> 

Example

The following examples demonstrate how you can set a value for a cookie and assign values to its attributes.

<%

  Response.Cookies("Type") =index.html "Chocolate Chip"

  Response.Cookies("Type").Expires = "July 31, 2001"

  Response.Cookies("Type").Path = "/"

%>

caution Caution  Do not store sensitive data, such as passwords or account numbers in cookies. For more detailed information on security, see MS Press - Writing Secure Code

Applies To

Response Object

See Also

Requirements

Platforms: Windows 2000 with IIS 5.0 installed, Windows XP with IIS 5.1 installed, Windows Server 2003 family with IIS 6.0 installed

Platform SDK Release: February 2003
What did you think of this topic?
Order a Platform SDK CD