How to limit the scope of cookies to a specific folder of the website in ASP.NET

Posted by in ASP.NET category on for Advance level | Points: 250 | Views : 13332 red flag
Rating: 5 out of 5  
 2 vote(s)

In earlier articles, we learnt how to create, read, expire cookies. In this article we are going to learn how to limit the scope of the cookies to a particular folder of the website or particular sub-domain of the website.


A Cookie is a small amount of text that attached to the requet and response in between browser and the server. This small amount of text can be read by the application whenever user browse the it. Please note that cookie is not a good medium to store the confidential data as it is stored into the user browser.

Let's learn how to limit the scope of the cookie creation so that those cookie will be available only to a particular folder of the website. 

I am going to create a sample demo page here and below is the code for that.


<asp:Button ID="btnCookieSet" runat="server" Text="Set Cookie" OnClick="SetCookie" />

<asp:Button ID="btnCookieGet" runat="server" Text="Get Cookie" OnClick="GetCookie" />

In the above snippet, we have two buttons. Clicking on first button executes SetCookie method and clicking on the second button executes GetCookie method.


// how to test

// Access this page and set the cookie, then get the cookie value.

// Now go to any page that is not into this folder and try to read the cookie created here, you will not get it.

protected void SetCookie(object sender, EventArgs e)


// set the cookie

Response.Cookies["MyCookie"].Value = "My cookie value under MyCookieFolder folder";

Response.Cookies["MyCookie"].Path = "/Cookies/MyCookieFolder/";


protected void GetCookie(object sender, EventArgs e)


if (Request.Cookies["MyCookie"] != null)


string cookieValue = Request.Cookies["MyCookie"].Value;




Get video tutorials of hundreds of ASP.NET Tips and Tricks like this.

SetCookie method

In the SetCookie method we are setting the cookie value and then setting the cookie path. This path should be from the root folder of the website/application. Setting path of the cookie restricts this cookie to be created only for that folder. This cookie can’t be accessed by any page that is outside this folder (in this case my folder is /Cookies/MyCookieFolder/).

GetCookie method

It simply checks for the Cookie and if it is not null, retrieves its value and writes on the page. As this method is inside the same page so you should get the cookie value set from the SetCookie method. 

Now, you copy-paste this method into other page that is not into the /Cookies/MyCookieFolder/ folder and try to execute this method, you will NOT get the cookie value. This is because the cookie was created for /Cookies/MyCookieFolder/ folder only and will not be available outside this folder.


In which scenario, we should limit the scope of the cookies?

When cookies are created for the website, all the cookies are transferred to and from for all the requests to the server from client. In case your application is so big and relies on cookies its not good practice to send all cookies to and from the server (it may hamper the performance of your web pages as well). So in this case you can limit the scope of cookies based on the path or folder so that only folder specific cookies will be sent to and from the server.

There might be another scenario as well. Lets take an example where your application has several modules residing in several folders of the web application/website. In this case also you can create folder specific cookies so that cookie created for one module doesn't get affected by others.

In case you have missed other articles like creating, reading, expiring cookies, click here.

Hope this article was useful. Subscribe for the RSS to get more articles in this series. In the next article we shall learn some more interesting stuffs related with cookies. 

Thanks for reading, keep learning and sharing ....

Page copy protected against web site content infringement by Copyscape

About the Author

Full Name: Sheo Narayan
Member Level: HonoraryPlatinum
Member Status: Administrator
Member Since: 7/8/2008 6:32:14 PM
Country: India
Regards, Sheo Narayan

Ex-Microsoft MVP, Author, Writer, Mentor & architecting applications since year 2001. Connect me on | |

Login to vote for this post.

Comments or Responses

Posted by: Akiii on: 6/21/2011 | Points: 25
Hi sir,
Thanks for your article.
Can you tell me what is the real-life need in restricting a cookie to a particular folder or a sub-domain ?

Hoping to get more articles like this....

Posted by: Akiii on: 6/21/2011 | Points: 25
Sir in the paragraph...

"GetCookie Method

Now, you copy-paste this method into other page that is not into the /Cookies/MyCookieFolder/ folder and try to execute this method, you will get the cookie value . This is because the cookie was created for /Cookies/MyCookieFolder/ folder only and will not be available outside this folder."

I think the bold part should be "you will not get the cookie value".....

I hope i am correct....

Posted by: SheoNarayan on: 6/21/2011 | Points: 25
Hi Akiii,

Thanks for your response and pointing out the typo, I have updated.

I have also added "In which scenario, we should limit the scope of the cookies?" section in the article, please go through it to know the real-time scenario for restricting the scope of the cookies.

Keep reading and sharing!

Posted by: Akiii on: 6/22/2011 | Points: 25
Thank you very much sir for the updation...


Login to post response

Comment using Facebook(Author doesn't get notification)