Session and Cookie Management in .NET
Sandeep Kiran Shiva, UIN: 00822389


State Management Overview

A new instance of the Web page class is created each time the page is posted to the server. HTTP is a stateless protocol!

ASP.NET options for state management:

Client based: view state, control state, hidden fields, cookies, query strings
Server based: application state, session state, profile properties

Cookies - Introduction

A cookie is a small bit of text that accompanies requests and pages as they go between the Web server and browser. The cookie contains information the Web application can read whenever the user visits the site. A cookie consists of one or more name-value pairs containing bits of information, which may be encrypted for information privacy and data security purposes.

Uses:
- Authentication
- Session tracking (state maintenance)
- Storing site preferences
- Shopping cart contents
- The identifier for a server-based session
- Anything else that can be accomplished through storing textual data

Write a Cookie:

    Response.Cookies["userName"].Value = "patrick";
    Response.Cookies["userName"].Expires = DateTime.Now.AddDays(1);

Here, the values of the Cookies collection are set directly.

    HttpCookie aCookie = new HttpCookie("lastVisit");
    aCookie.Value = DateTime.Now.ToString();
    aCookie.Expires = DateTime.Now.AddDays(1);
    Response.Cookies.Add(aCookie);

Here, the code creates an instance of an object of type HttpCookie.

Read a Cookie:

    if (Request.Cookies["userName"] != null)
        Label1.Text = Server.HtmlEncode(Request.Cookies["userName"].Value);

    if (Request.Cookies["userName"] != null)
    {
        HttpCookie aCookie = Request.Cookies["userName"];
        Label1.Text = Server.HtmlEncode(aCookie.Value);
    }

Delete a Cookie:

    HttpCookie aCookie;
    string cookieName;
    int limit = Request.Cookies.Count;
    for (int i = 0; i < limit; i++)
    {
        cookieName = Request.Cookies[i].Name;
        aCookie = new HttpCookie(cookieName);
        aCookie.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(aCookie);
    }

Cookie Scope:

    HttpCookie appCookie = new HttpCookie("AppCookie");
    appCookie.Value = "written " + DateTime.Now.ToString();
    appCookie.Expires = DateTime.Now.AddDays(1);
    appCookie.Path = "/Application1";
    Response.Cookies.Add(appCookie);

Drawbacks:

Cookie Hijacking: Cookie theft is the interception of cookies by an unauthorized party. This issue can be overcome by securing the communication between the user's computer and the server: employ Transport Layer Security (the HTTPS protocol) to encrypt the connection and set the Secure flag on the cookie.

Cross-site Scripting: making the browser itself send cookies to malicious servers that should not receive them. Encrypting cookies before sending them on the network does not help against this attack. One way of preventing such attacks is to use the HttpOnly flag.
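The two flags named above, applied in ASP.NET (an added example, not part of the original slides). The class names CookiePolicy and Global, the helper names and the placement in Global.asax.cs are assumptions made for illustration.

```csharp
using System;
using System.Web;

public static class CookiePolicy
{
    // Before: readable by page script and sent over plain HTTP as well as HTTPS.
    public static HttpCookie Weak(string name, string value)
    {
        return new HttpCookie(name, value) { Expires = DateTime.Now.AddDays(1) };
    }

    // After: Secure keeps the cookie off unencrypted connections,
    // HttpOnly hides it from client script (document.cookie).
    public static HttpCookie Hardened(string name, string value)
    {
        return new HttpCookie(name, value)
        {
            Expires = DateTime.Now.AddDays(1),
            Secure = true,
            HttpOnly = true
        };
    }
}

// Global.asax.cs (assumed location): a safety net for cookies that pages
// add without the flags. Relies on response buffering, the ASP.NET default,
// so the headers have not been sent yet when EndRequest runs.
public class Global : HttpApplication
{
    protected void Application_EndRequest(object sender, EventArgs e)
    {
        foreach (string name in Response.Cookies.AllKeys)
        {
            HttpCookie cookie = Response.Cookies[name];

            // A cookie that client script genuinely has to read
            // would need an explicit exemption here.
            cookie.HttpOnly = true;

            // Only mark Secure on HTTPS requests; over plain HTTP the
            // browser would refuse to send the cookie back at all.
            if (Request.IsSecureConnection)
                cookie.Secure = true;
        }
    }
}
```

A page then writes Response.Cookies.Add(CookiePolicy.Hardened("userName", "patrick")) instead of setting the value directly.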

Sample code:

    using System;
    using System.Web;

    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.Cookies["id"] != null)
            {
                string userId = Request.Cookies["id"].Value;
                // Cookie values come from the client: encode before writing to the page.
                Response.Write("User Id value" + Server.HtmlEncode(userId));
            }

            HttpCookie cookie = Request.Cookies["user"];
            // for safety, always check for NULL. If cookie doesn't exist, it will be NULL
            if (cookie != null)
            {
                string name = cookie["name"];
                string age = cookie["age"];
                lblCookieExistance.Text += "Multi-valued Cookie exist ";
                lblCookieExistance.Text += Server.HtmlEncode(
                    string.Format("Name : {0} Age : {1}", name, age));
            }
            else
                lblCookieExistance.Text = "Cookie not exist";
        }

        protected void CreateCookieClicked(object sender, EventArgs e)
        {
            Response.Cookies["id"].Value = "10";
            Response.Cookies["id"].Expires = DateTime.Now.AddDays(1);
        }

        protected void btnRemoveCookie_Click(object sender, EventArgs e)
        {
            // An expiry date in the past tells the browser to discard the cookie.
            Response.Cookies["id"].Expires = DateTime.Now.AddDays(-1);
            lblMessage.Text = "Cookie deleted. Try opening the same page in another window of the same browser";
        }

        protected void btnCreateMultiValuedCookie_Click(object sender, EventArgs e)
        {
            HttpCookie cookie = new HttpCookie("user");
            cookie["name"] = "Foo";
            cookie["age"] = "22";
            cookie.Expires = DateTime.Now.AddDays(1);
            Response.Cookies.Add(cookie);
            lblMessage.Text = "Cookie created";
        }
    }

Demo

Sessions - Introduction

ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application.

Fig.: Session data is stored separately for every client.

Advantages of Sessions:
- Helps to maintain user state and data all over the application.
- Can easily be implemented, and we can store any kind of object.
- Stores every client's data separately.
- Session is secure and transparent to the user.
- Session variables allow for customization of a web site.

Disadvantages:
- Performance overhead with a large volume of users, because session data is stored in server memory.
- The overuse of Session variables can lead to very unreadable and unmaintainable code.

Session Variables: used to store data about the current user and their session.

Storing values in Session Variables:

    Session["FirstName"] = FNameTB.Text;
    Session["LastName"] = LNameTB.Text;

Retrieving values from Session Variables:

    // Check whether the session variable is null or not
    if (Session["DataSet"] != null)
    {
        // Retrieving DataSet from Session
        MyDs = (DataSet)Session["DataSet"];
    }
    else
    {
        // Do something else
    }

Session ID: ASP.NET uses a 120-bit identifier to track each session. When the client communicates with the server, only the session ID is transmitted. When the client requests data, ASP.NET looks up the session ID and retrieves the corresponding data.

Removing Session From Session Variable: the following methods are used to remove the session.

Method                              Description
Session.Remove(strSessionName);     Remove an item from the session state collection
Session.RemoveAll()                 Remove all items from the session collection
Session.Clear()                     Remove all items from the session collection
Session.Abandon()                   Cancels the current session

Note: There is no difference between Clear and RemoveAll. RemoveAll() calls Clear() internally.
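A logout handler that uses the methods in the table (an added example, not part of the original slides). Session.Abandon() ends the session on the server but leaves the session cookie in the browser, so ASP.NET reuses the same session ID on the next request unless the cookie is expired as well. The page class Logout, the button handler name and the ~/Login.aspx target are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Configuration;
using System.Web.UI;

public partial class Logout : Page
{
    protected void btnLogout_Click(object sender, EventArgs e)
    {
        // Read this before tearing the session down.
        bool usesCookie = !Session.IsCookieless;

        Session.Clear();     // drop every item stored for this user
        Session.Abandon();   // cancel the session itself on the server

        if (usesCookie)
        {
            // The session cookie name is configurable in Web.config;
            // the default is "ASP.NET_SessionId".
            var section = (SessionStateSection)
                WebConfigurationManager.GetSection("system.web/sessionState");

            // Same technique as "Delete a Cookie": overwrite the cookie
            // with an expiry date in the past so the browser discards it.
            var expired = new HttpCookie(section.CookieName, string.Empty)
            {
                Expires = DateTime.Now.AddDays(-1),
                HttpOnly = true
            };
            Response.Cookies.Add(expired);
        }

        // Assumed login page; the next request starts a fresh session
        // with a newly generated ID.
        Response.Redirect("~/Login.aspx", false);
        Context.ApplicationInstance.CompleteRequest();
    }
}
```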

Cookieless Sessions: By default, the SessionID is stored in a non-expiring session cookie in the browser. You can specify that session identifiers not be stored in a cookie by setting the cookieless attribute to true in the sessionState section of the Web.config file. ASP.NET maintains cookieless session state by automatically inserting a unique session ID into the page's URL.

Thank You!