Not being able to set persistent cookie !!!

Posted by Akiii under C# on 10/3/2011 | Points: 10 | Views : 3882 | Status : [Member] | Replies : 2
Hi all,
I am trying to set persistent cookie but not being able to.
I have 2 pages, login.aspx where user will login themselves and a default.aspx where user will be redirected once username and password is confirmed.

Login.aspx code is :-

protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
HttpCookie objcookie = Request.Cookies["maincookie"];

if (objcookie != null)
{
Response.Redirect("Default.aspx");
}
else
{
Response.Redirect("login.aspx");
}
}
}

protected void btnsubmit_Click(object sender, EventArgs e)
{
if (txtusername.Text == "Akiii" && txtpassword.Text == "123")
{
HttpCookie objcookie = new HttpCookie("maincookie");
objcookie["username"] = txtusername.Text;
objcookie["password"] = txtpassword.Text;
objcookie.Expires = DateTime.Now.AddDays(1);

Response.Cookies.Add(objcookie);

Response.Redirect("Default.aspx");
}
else
{
Response.Write("Please try again !");
}
}


And the default page code is:-

protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
HttpCookie objcookie = Request.Cookies["maincookie"];

if (objcookie != null)
{
usernameshow.Text = objcookie["username"];
passwordshow.Text = objcookie["password"];
}
else
{
Response.Redirect("login.aspx");
}
}
}

protected void btnlogout_Click(object sender, EventArgs e)
{
HttpCookie objcookie = Request.Cookies["maincookie"];

objcookie.Expires = DateTime.Now;
Response.Cookies.Add(objcookie);
Response.Redirect("login.aspx");
}


My problem is that, until and unless i click the logout button in the default page, the user should be able to access the website without doing login again...!

Please help me regarding this!

Thanks and Regards
Akiii




Responses

Posted by: SheoNarayan on: 10/3/2011 [Administrator] HonoraryPlatinum | Points: 25

Up
0
Down
Thanks for asking this question Akiii,

First of all there is a problem with your approach.

You should never ever try to save the password in the cookies as the cookie get stored into client's machine and its a big security risks.

In this case you are creating multi-valued cookie and I would suggest you to follow this approach - http://www.dotnetfunda.com/articles/article1407-how-to-readwrite-multivalued-cookies-in-aspnet-.aspx.

Also your Logout method is setting the expiry to today's date, ideally it should set one day or many days before. To create persistent cookies, try to set the expiry date many months or several years ahead of today's date. Look at this post - http://stackoverflow.com/questions/3140341/how-to-create-persistent-cookies-in-asp-net.

Thanks

Regards,
Sheo Narayan
http://www.dotnetfunda.com

Akiii, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Akiii on: 10/4/2011 [Member] Bronze | Points: 25

Up
0
Down
Hi Sir,
I just want to create a scenario in which if a user is already logged in then he/she doesnt have to login again...
Just like, dotnetfunda have...here i dont have to login multiple times if i havent logged out. How can dotnetfunda site remember me even if i close my browser or computer ?

And moreover, when i try the above scenario its giving me an error "The webpage at http://localhost:1435/CookieTest/login.aspx has resulted in too many redirects."

Please help in this scenario..
Thanks and Regards
Akiii

Akiii, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response