How to limit the scope of cookies to a specific folder of the website in ASP.NET
Posted by Sheo Narayan
on 6/21/2011 for Advance level | Points: 250
| Views : 4380
If you found plagiarised (copied)
or inappropriate content,
please let us know
the original source along with your correct email id (to communicate) for further action.
Rating: 5 out of 5
In earlier articles, we learnt how to create, read, expire cookies. In this article we are going to learn how to limit the scope of the cookies to a particular folder of the website or particular sub-domain of the website.
A Cookie is a small amount of text that attached to the requet and response in between browser and the server. This small amount of text can be read by the application whenever user browse the it. Please note that cookie is not a good medium to store the confidential data as it is stored into the user browser.
Let's learn how to limit the scope of the cookie creation so that those cookie will be available only to a particular folder of the website.
I am going to create a sample demo page here and below is the code for that.
<asp:Button ID="btnCookieSet" runat="server" Text="Set Cookie" OnClick="SetCookie" />
<asp:Button ID="btnCookieGet" runat="server" Text="Get Cookie" OnClick="GetCookie" />
In the above snippet, we have two buttons. Clicking on first button executes SetCookie method and clicking on the second button executes GetCookie method.
// how to test
// Access this page and set the cookie, then get the cookie value.
// Now go to any page that is not into this folder and try to read the cookie created here, you will not get it.
protected void SetCookie(object sender, EventArgs e)
// set the cookie
Response.Cookies["MyCookie"].Value = "My cookie value under MyCookieFolder folder";
Response.Cookies["MyCookie"].Path = "/Cookies/MyCookieFolder/";
protected void GetCookie(object sender, EventArgs e)
if (Request.Cookies["MyCookie"] != null)
string cookieValue = Request.Cookies["MyCookie"].Value;
Get video tutorials of hundreds of ASP.NET Tips and Tricks like this.
In the SetCookie method we are setting the cookie value and then setting the cookie path. This path should be from the root folder of the website/application. Setting path of the cookie restricts this cookie to be created only for that folder. This cookie can’t be accessed by any page that is outside this folder (in this case my folder is /Cookies/MyCookieFolder/).
It simply checks for the Cookie and if it is not null, retrieves its value and writes on the page. As this method is inside the same page so you should get the cookie value set from the SetCookie method.
Now, you copy-paste this method into other page that is not into the /Cookies/MyCookieFolder/ folder and try to execute this method, you will NOT get the cookie value. This is because the cookie was created for /Cookies/MyCookieFolder/ folder only and will not be available outside this folder.
In which scenario, we should limit the scope of the cookies?
When cookies are created for the website, all the cookies are transferred to and from for all the requests to the server from client. In case your application is so big and relies on cookies its not good practice to send all cookies to and from the server (it may hamper the performance of your web pages as well). So in this case you can limit the scope of cookies based on the path or folder so that only folder specific cookies will be sent to and from the server.
There might be another scenario as well. Lets take an example where your application has several modules residing in several folders of the web application/website. In this case also you can create folder specific cookies so that cookie created for one module doesn't get affected by others.
In case you have missed other articles like creating, reading, expiring cookies, click here.
Hope this article was useful. Subscribe for the RSS to get more articles in this series. In the next article we shall learn some more interesting stuffs related with cookies.
Thanks for reading, keep learning and sharing ....
Found interesting? Add this to: