ASP.NET session variables, cookies, query string parameters, etc.
Part four of a five-part series of blogs

There is a range of techniques for remembering information in ASP.NET across pages and even sessions, including session variables, cookies, query string parameters and crosspage postback. This blog explains how to use each of these techniques, together with the pros and cons of each.

  1. Remembering State between Pages
  2. Passing Data by Query String in the URL
  3. Passing Data using Session Variables
  4. Using Cookies to Remember Things (this blog)
  5. Cross-Page Postback

This page is part of an online tutorial in ASP.NET.  We're also happy to train you in person in ASP.NET!

Posted by Andy Brown on 16 October 2012

You need a minimum screen resolution of about 700 pixels width to see our blogs. This is because they contain diagrams and tables which would not be viewable easily on a mobile phone or small laptop. Please use a larger tablet, notebook or desktop computer, or change your screen resolution settings.

Using Cookies to Remember Things

What are Cookies?

Cookies are text files written to your computer by a website, so that the site can remember your preferences and past behaviour.  Here's what they look like:

Some sample cookies

A few of the 214 cookies created on the author's computer yesterday!  Privacy is so last year ...


Cookies remember log-in details, passwords, search preferences -and also other behaviour that you might not be so keen on a website tracking.

It's worth stressing at this point that you can turn cookies off, and up to 10% of Internet users do exactly that.  Cookies are only text files, and so don't pose a security risk, but they are an invasion of privacy.

Setting Cookies

You can set cookies in ASP.NET in much the same way as you set session variables (ie easily), whether in VB:

'store the text entered as cookies

If txtContains.Text.Length > 0 Then _

Response.Cookies("Contains").Value = txtContains.Text

If txtStatus.Text.Length > 0 Then _

Response.Cookies("Status").Value = txtStatus.Text

Or in C#:

// store the text entered as cookies

if (txtContains.Text.Length > 0) {

Response.Cookies["Contains"].Value = txtContains.Text;


if (txtStatus.Text.Length > 0) {

Response.Cookies["Status"].Value = txtStatus.Text;


Reading Cookies Back

Just like session variables, you can read cookies back in easily enough, although you have to be careful to type their names correctly.  Here's some VB code to do this for our example:

'retrieve cookies, if set

Dim Contains As String

Dim Status As String



Contains = Convert.ToString(Request.Cookies("Contains").Value)

Status = Convert.ToString(Request.Cookies("Status").Value)

Catch ex As Exception

Contains = "Not passed"

Status = "Not passed"

End Try


litContains.Text = Contains

litStatus.Text = Status

Here's the same code in C#:

string Contains;

string Status;


// retrieve cookies, if set

try {

Contains = Convert.ToString(Request.Cookies["Contains"].Value);

Status = Convert.ToString(Request.Cookies["Status"].Value);

} catch {

Contains = "Not passed";

Status = "Not passed";



litContains.Text = Contains;

litStatus.Text = Status;

Disadvantages of Cookies

Cookies have a number of disadvantages as a way of preserving state:

Disadvantage Notes
They may not work! If a user has turned off cookies on their browser, your website isn't going to be able to put a text file on their computer to remember things.
They may be mistyped. It's all too easy to mistype cookies - Cookies("Contains") is not that same as Cookies("Contins"), but you'll only find that out when things don't work as planned.
They may be illegal! From 26th May 2012 an EU directive requires that websites explain how they are storing information about users (hence the flurry of pop-ups appearing after then).

Although cookies can be used to pass information between pages, in practice they are designed more to remember users' preferences and choices between sessions (visits).

Setting Expiration Periods for Cookies

Cookies don't last forever, as this bit of VB code shows:

'kill cookies off after 1 hour

Response.Cookies("Contains").Expires = Now.AddHours(1)

Response.Cookies("Status").Expires = Now.AddHours(1)

These 2 lines of code will ensure that these 2 cookies are removed from client computers one hour from the current datet/time.

This blog has 0 threads Add post