Popular Topics

Topics

About

Policies

Our Network

More

HomeBlogs.NET ProgrammingHow to work with cookies in ASP.NET Core
Joydip Kanjilal
by Joydip Kanjilal
Contributor

How to work with cookies in ASP.NET Core

how-to
Nov 04, 20195 mins
C#Microsoft .NETSoftware Development

Take advantage of cookies to store and retrieve user-specific information in your ASP.NET Core web application.

thinkstockphotos cookies
Credit: Nastco/Thinkstock

A cookie is a piece of data typically used to store information about the user and is stored on the user’s computer. In most browsers each cookie is stored as a small file, but in Firefox they are stored all together in a single file. Cookies are represented as key-value pairs, and you can take advantage of the keys to read, write, or delete cookies.

ASP.NET Core uses cookies to maintain session state; the cookie that contains the session ID is sent to the client with each request. This article presents a discussion of how we can work with cookies in ASP.NET Core.

To work with the code examples provided in this article, you should have Visual Studio 2019 installed in your system. If you don’t already have a copy, you can download Visual Studio 2019 here.

Create an ASP.NET Core MVC project in Visual Studio

First off, let’s create an ASP.NET Core MVC project in Visual Studio 2019. Assuming Visual Studio 2019 is installed in your system, follow the steps outlined below to create a new ASP.NET Core MVC project in Visual Studio.

  1. Launch the Visual Studio IDE.
  2. Click on “Create new project.”
  3. In the “Create new project” window, select “ASP.NET Core Web Application” from the list of templates displayed.
  4. Click Next.
  5. In the “Configure your new project” window, specify the name and location for the new project.
  6. Optionally, select the “Place solution and project in the same directory” check box.
  7. Click Create.
  8. In the “Create a New ASP.NET Core Web Application” window shown next, select .NET Core as the runtime and ASP.NET Core 2.2 (or later) from the drop-down list at the top.
  9. Select “Web Application (Model-View-Controller)” as the project template to create a new ASP.NET Core MVC application. 
  10. Ensure that the check boxes “Enable Docker Support” and “Configure for HTTPS” are unchecked as we won’t be using those features here.
  11. Ensure that Authentication is set to “No Authentication” as we won’t be using authentication here either.
  12. Click Create. 

You should now have a new ASP.NET Core MVC project ready to go in Visual Studio. We’ll use this project in the subsequent sections of this article.

You can read a cookie from the Request.Cookies collection. The following code snippet illustrates how you can read a cookie from the Request object in ASP.NET Core.

string cookie = Request.Cookies["Key"];

If you would like to specify the expiration time of the cookie, you can use the overloaded version of the Append method as shown in the code snippet given below.

CookieOptions option = new CookieOptions(); 
option.Expires = DateTime.Now.AddMilliseconds(10); 
Response.Cookies.Append(key, value, option); 

The CookieOptions class enables you to specify the following additional properties when creating a cookie:

  • Domain — used to specify the domain associated with a cookie
  • Expiration time — used to specify the expiration time of the cookie
  • Path — used to specify the cookie path
  • Security policy — used to specify if the cookie is accessible over HTTPS
  • HttpOnly — used to specify if the cookie is available only to the server

To write a cookie you can take advantage of the Append method pertaining to the Request object. The following code snippet illustrates how this can be achieved.

Response.Cookies.Append(somekey, somevalue);

To remove a cookie, you can use the Delete method of the Cookies collection pertaining to the Request object. The following code snippet shows how this can be achieved.

Response.Cookies.Delete(somekey);

Access HttpContext in ASP.NET Core

In this section we’ll examine how we can work with cookie data in ASP.NET Core. We’ll need to access the HttpContext to be able to access the Request object. You can access the HttpContext in ASP.NET Core using the IHttpContextAccessor interface. The HttpContextAccessor class implements this interface.

First you should register IHttpContextAccessor for dependency injection. The following code snippet illustrates how you can add a singleton service of type HttpContextAccessor in the ConfigureServices method of the Startup class.

public void ConfigureServices(IServiceCollection services)
        {
            services.AddSingleton<IHttpContextAccessor,
            HttpContextAccessor>();
            //Other code
        }

You can take advantage of dependency injection to get a reference to the IHttpContextAccessor instance. This will in turn provide you a reference to HttpContext.

The following code snippet illustrates how you can access the IHttpContextAccessor instance in the controller. Note that HomeController is created by default when you create a new ASP.NET Core MVC project in Visual Studio.

public class HomeController : Controller
{
  private readonly IHttpContextAccessor _httpContextAccessor;
  public HomeController(IHttpContextAccessor httpContextAccessor)
  {
     this._httpContextAccessor = httpContextAccessor;
  }   
  //Write your action methods here
}

You can use the following method to write cookie data in your controller.

public IActionResult Write(string key, string value, bool isPersistent)
  {
       CookieOptions options = new CookieOptions();
       if (isPersistent)
           options.Expires = DateTime.Now.AddDays(1);
       else
           options.Expires = DateTime.Now.AddSeconds(10);
       _httpContextAccessor.HttpContext.Response.Cookies.Append
       (key, value, options);
       return View("WriteCookie");
  }

Once the cookie data has been written successfully, you can use the following method to read cookie data in your controller.

public IActionResult Read(string key)
  {
       ViewBag.Data =
       _httpContextAccessor.HttpContext.Request.Cookies[key];
       return View("ReadCookie");
  }

To check if a cookie has been written properly, you can inspect the cookie cache of your web browser. In a future post, we’ll examine how we can work with cookie-based authentication and authorization in ASP.NET Core.

Joydip Kanjilal
by Joydip Kanjilal
Contributor

Joydip Kanjilal is a Microsoft Most Valuable Professional (MVP) in ASP.NET, as well as a speaker and the author of several books and articles. He received the prestigious MVP award for 2007, 2008, 2009, 2010, 2011, and 2012.

He has more than 20 years of experience in IT, with more than 16 years in Microsoft .Net and related technologies. He has been selected as MSDN Featured Developer of the Fortnight (MSDN) and as Community Credit Winner several times.

He is the author of eight books and more than 500 articles. Many of his articles have been featured at Microsoft’s Official Site on ASP.Net.

He was a speaker at the Spark IT 2010 event and at the Dr. Dobb’s Conference 2014 in Bangalore. He has also worked as a judge for the Jolt Awards at Dr. Dobb's Journal. He is a regular speaker at the SSWUG Virtual Conference, which is held twice each year.

More from this author

Show me more

feature

What is Rust? Safe, fast, and easy software development

By Serdar Yegulalp
Nov 20, 202411 mins
RustProgramming LanguagesSoftware Development
Image
how-to

Kotlin for Java developers: Classes and coroutines

By Matthew Tyson
Nov 20, 20249 mins
JavaKotlinProgramming Languages
Image
analysis

Azure AI Foundry tools for changes in AI applications

By Simon Bisson
Nov 20, 20247 mins
Microsoft AzureGenerative AIDevelopment Tools
Image
video

Building Python wheels to distribute your programs

Nov 15, 20246 mins
PythonSoftware Development
Image
video

Creating a pip install-able Python package

Nov 14, 20243 mins
PythonSoftware Development
Image
video

How to get better web requests in Python with httpx

Oct 07, 20244 mins
Python
Image