ASP Cookies

Cookies are a powerful tool in ASP. You can use these to track a state or information on the client side. You can use cookies to track a user, save information on the client side or even simple authentication.

Setting a cookie:

Response.Cookies(nameofcookie) = somevalue

There are also 4 properties that can be set. These are Domain, Expires, Path and Secure.

Domain: This is the domain that the cookie is associated with. If no domain is entered the domain of the current page will be used.
Expires: This is the date/time the cookie will expire. If none is set the cookie will be destroyed when the user closes his/her browser.
Path: Much like the domain property, the path is where the cookie came from. If none is specified it will use the path of the page that it was created on.
Secure: This is a TRUE or FALSE setting. If set to TRUE then the client will be required to be in secure mode (https) to return the cookie.

Setting a cookie property:

Response.Cookies(nameofcookie).Property = somevalue Example: Using a cookie for a simple login.

File: login.htm

<HTML>

<TITLE>Login</TITLE>

<BODY>

<FORM method="POST" action="login.asp">

    Password: <input TYPE="PASSWORD" NAME ="PASSWORD">

<input TYPE="SUBMIT" VALUE="Login">

</FORM>

</BODY>

</HTML>

Once we have the password we call the ASP script that will validate then set cookies if valid.

File: login.asp

<%@ LANGUAGE="VBSCRIPT" %>  

  

<% 



'Get the password from the last form.

PASSWORD = Request.form("PASSWORD") 

  

  If PASSWORD = "secretpassword" then

  'Here we know that the user knows the password. We then

  'create a cookie called "CDemo and set the value to

  '"verified".

  Response.Cookies ("CDemo") = "Verified"

  'Now lets send them to the password protected page!

  'Try bookmarking the page then go right to it without

  'logging in.

  'Note: You will need to set this path to go to your

  'server/dir.

  'Note: When using a redirect you can NOT print any headers

  'to the screen.

  'This means no <HTML> tags.

  Response.Redirect("http://localhost/menu.asp")

  Else

  'Write out a little message to the user.

  Response.Write "<CENTER><B>INVALID PASSWORD!</B></CENTER>"

  End if 

  

  %>

The user has logged on and the cookie is set. Now for the protected page.

File: menu.asp

<HTML>

<TITLE>Members Area</TITLE>

<BODY>

<%@ LANGUAGE="VBSCRIPT" %>

<% ' Check the client cookies to see if they have access. %>

<% UserVer = Request.Cookies ("CDemo") %>

<% if Request.Cookies ("CDemo") = "Verified" then %>

<CENTER>Welcome back member!</CENTER>

<BR><BR>Put any HTML here that you would like to have the 'members' see/use.

<% else %>

<% 'The cookie was invalid or not set. Hacker?! %>

<CENTER> <BR>

<B>We see that you are not member or have not logged

in!</B></CENTER>

<BR>

<% end if %>

</BODY>

</HTML>

What is another good use for cookies? Allowing customers to "customize" the web site to look as they want it. Give it a try!