Cookies Overview: HttpCookie Class, usage and considerations
The Cookies bag enables us to get/set data in the client browser.
The cookie depends on browser capabilities and limitations. A client may
decide to disable support for cookies, so we have to take this into account when we want to use them in our application. A cookie's size is also limited to 4,096 bytes.
We also have to remember that cookie data is transferred as
plain text, which means we should not keep sensitive data there.
When we need to set sensitive data in the cookie, the best thing to do is
to keep only an encrypted user-specific identifier that we will use on the
server to get the sensitive data from our repository.
Good candidates for cookie use are:
Shopping basket - for a small number of products
User personalization - colors & layout, favorite language in a multi-language
application, etc.
We can set/get the cookie on the server and/or in the client browser using
supported scripts.
On the server I would locate the cookie manipulations in a central place
such as the Global.asax class events, within Application_BeginRequest.
When using ASP.NET forms authentication, which relies on cookie
arguments, we will attach our cookie authentication code to the Global
application event Application_AuthenticateRequest and we will use
order to use encrypt/decrypt services.
A better place for these manipulations is a custom HttpHandler or HttpModule. These two are filters for HTTP requests to a web site.
Within our custom filter we can handle the same HTTP events (BeginRequest)
and of course manipulate the HTTP request context data that is available to us
within the custom handler or module.
The advantages of implementing custom handlers are, in general, the same reasons we like OO so much. HTTP handlers/modules can be plugged in to any web site by setting the web.config, which makes them reusable; they live in their own assembly, and we can extend them without our front-end noticing.
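An added example (not code from the original post) that combines two points above: keeping only a protected user identifier in the cookie, and handling it in a custom HttpModule on BeginRequest. The module, cookie, purpose and Items key names are hypothetical; it assumes .NET Framework 4.5 or later for MachineKey.Protect and a site served over HTTPS.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical module: class, cookie and item names are illustrative only.
public class UserIdCookieModule : IHttpModule
{
    private const string CookieName = "uid";           // assumed cookie name
    private const string Purpose = "UserIdCookie.v1";  // binds the token to this one use

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpCookie cookie = ctx.Request.Cookies[CookieName];
        // Stays null when the cookie is absent, disabled by the client, or modified.
        ctx.Items["UserId"] = cookie == null ? null : Unprotect(cookie.Value);
    }

    // Call once the user is identified; only the protected id reaches the browser.
    public static void Issue(HttpResponse response, string userId)
    {
        byte[] token = MachineKey.Protect(Encoding.UTF8.GetBytes(userId), Purpose);
        HttpCookie cookie = new HttpCookie(CookieName, HttpServerUtility.UrlTokenEncode(token));
        cookie.HttpOnly = true;                  // not readable from client script
        cookie.Secure = true;                    // sent over HTTPS only (assumption)
        cookie.Expires = DateTime.Now.AddDays(7);
        response.Cookies.Add(cookie);
    }

    private static string Unprotect(string value)
    {
        try
        {
            byte[] raw = HttpServerUtility.UrlTokenDecode(value ?? "");
            if (raw == null || raw.Length == 0) return null;
            return Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose));
        }
        catch (CryptographicException) { return null; } // tampered or wrong key
        catch (FormatException) { return null; }        // not valid base64
    }

    public void Dispose() { }
}
```

Pages then read the identifier from HttpContext.Current.Items["UserId"] and look the sensitive data up in the server-side repository; the cookie itself never carries it.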
As specified, within the client we should use one of the browser-supported script languages.
I have a cookie functions library for client manipulations using JavaScript, which I downloaded from the net 6 years ago, and it's working just fine today.
I saw something similar to what I have on the webreference web site, so you can have a look.
Cookies are not part of the HTTP specification but maybe they should be. I vote for that.