Not being able to set persistent cookie !!!

Posted by Akiii under C# on 10/3/2011 | Points: 10 | Views : 5210 | Status : [Member] | Replies : 2

Write New Post |

Search Forums | Answered

Resolved Posts |

Un Answered Posts |

Forums Home

Hi all,
I am trying to set persistent cookie but not being able to.
I have 2 pages, login.aspx where user will login themselves and a default.aspx where user will be redirected once username and password is confirmed.

Login.aspx code is :-

protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            HttpCookie objcookie = Request.Cookies["maincookie"];

            if (objcookie != null)
            {                
                Response.Redirect("Default.aspx");
            }
            else
            {
                Response.Redirect("login.aspx");
            }
        }
    }
    
    protected void btnsubmit_Click(object sender, EventArgs e)
    {
        if (txtusername.Text == "Akiii" && txtpassword.Text == "123")
        {
            HttpCookie objcookie = new HttpCookie("maincookie");
            objcookie["username"] = txtusername.Text;
            objcookie["password"] = txtpassword.Text;
            objcookie.Expires = DateTime.Now.AddDays(1);

            Response.Cookies.Add(objcookie);

            Response.Redirect("Default.aspx");
        }
        else
        {
            Response.Write("Please try again !");
        }
    }

And the default page code is:-

protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            HttpCookie objcookie = Request.Cookies["maincookie"];

            if (objcookie != null)
            {
                usernameshow.Text = objcookie["username"];
                passwordshow.Text = objcookie["password"];
            }
            else
            {
                Response.Redirect("login.aspx");
            }
        }
    }

    protected void btnlogout_Click(object sender, EventArgs e)
    {
        HttpCookie objcookie = Request.Cookies["maincookie"];

        objcookie.Expires = DateTime.Now;
        Response.Cookies.Add(objcookie);       
        Response.Redirect("login.aspx");
    }

My problem is that, until and unless i click the logout button in the default page, the user should be able to access the website without doing login again...!

Please help me regarding this!

Thanks and Regards
Akiii

Reply | Reply with Attachment

Alert Moderator

Responses

Posted by: SheoNarayan on: 10/3/2011 [Administrator] HonoraryPlatinum | Points: 25

0	Thanks for asking this question Akiii, First of all there is a problem with your approach. You should never ever try to save the password in the cookies as the cookie get stored into client's machine and its a big security risks. In this case you are creating multi-valued cookie and I would suggest you to follow this approach - http://www.dotnetfunda.com/articles/article1407-how-to-readwrite-multivalued-cookies-in-aspnet-.aspx. Also your Logout method is setting the expiry to today's date, ideally it should set one day or many days before. To create persistent cookies, try to set the expiry date many months or several years ahead of today's date. Look at this post - http://stackoverflow.com/questions/3140341/how-to-create-persistent-cookies-in-asp-net. Thanks Regards, Sheo Narayan http://www.dotnetfunda.com Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Thanks for asking this question Akiii,

First of all there is a problem with your approach.

You should never ever try to save the password in the cookies as the cookie get stored into client's machine and its a big security risks.

In this case you are creating multi-valued cookie and I would suggest you to follow this approach - http://www.dotnetfunda.com/articles/article1407-how-to-readwrite-multivalued-cookies-in-aspnet-.aspx.

Also your Logout method is setting the expiry to today's date, ideally it should set one day or many days before. To create persistent cookies, try to set the expiry date many months or several years ahead of today's date. Look at this post - http://stackoverflow.com/questions/3140341/how-to-create-persistent-cookies-in-asp-net.

Thanks

Regards,
Sheo Narayan
http://www.dotnetfunda.com

Akiii, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Akiii on: 10/4/2011 [Member] Bronze | Points: 25

0	Hi Sir, I just want to create a scenario in which if a user is already logged in then he/she doesnt have to login again... Just like, dotnetfunda have...here i dont have to login multiple times if i havent logged out. How can dotnetfunda site remember me even if i close my browser or computer ? And moreover, when i try the above scenario its giving me an error "The webpage at http://localhost:1435/CookieTest/login.aspx has resulted in too many redirects." Please help in this scenario.. Thanks and Regards Akiii Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Hi Sir,
I just want to create a scenario in which if a user is already logged in then he/she doesnt have to login again...
Just like, dotnetfunda have...here i dont have to login multiple times if i havent logged out. How can dotnetfunda site remember me even if i close my browser or computer ?

And moreover, when i try the above scenario its giving me an error "The webpage at http://localhost:1435/CookieTest/login.aspx has resulted in too many redirects."

Please help in this scenario..
Thanks and Regards
Akiii

Akiii, if this helps please login to Mark As Answer. | Alert Moderator

Latest Posts