What are cookies? Why are they used? How are they different to a
session? Create a page that asks your name and creates a cookie about your name
Ans
What is a cookie?
Cookies are usually small text files, given ID tags, that are stored in your
computer's browser directory or program data subfolders. Cookies are created
when you use your browser to visit a website that uses cookies to keep track of
your movements within the site, help you resume where you left off, and remember
your registered login, theme selection, preferences, and other customization
functions. The website stores a corresponding file (with the same ID tag) to the
one they set in your browser, and in this file they can track and keep
information on your movements within the site and any information you may have
voluntarily given while visiting the website, such as your email address.
Cookies are often indispensable for websites that have huge databases, need
logins, or have customizable themes or other advanced features.
Cookies usually don't contain much information except for the URL of the website
that created the cookie, the duration of the cookie's abilities and effects, and
a random number. Due to the small amount of information a cookie contains, it
usually cannot be used to reveal your identity or personally identifying
information. However, marketing is becoming increasingly sophisticated, and
cookies in some cases can be aggressively used to create a profile of your
surfing habits.
There are two types
of cookies: session cookies and persistent cookies. Session cookies are created
temporarily in your browser's subfolder while you are visiting a website. Once
you leave the site, the session cookie is deleted. On the other hand,
persistent cookie files remain in your browser's subfolder and are activated
again once you visit the website that created that particular cookie. A
persistent cookie remains in the browser's subfolder for the duration period
set within the cookie's file.
A cookie is a small
file of letters and numbers downloaded on to your computer when you access
certain websites. Like virtual door keys, cookies unlock a computer's memory
and allow a website to recognise users when they return to a site by opening
doors to different content or services. Like a key, a cookie itself does not
contain information, but when it is read by a browser it can help a
website improve the service delivered.
Cookie files are automatically lodged into the cookie file - the memory of your
browser - and each one typically contains:
· The name of the server the cookie was sent from
· The lifetime of the cookie
· A value - usually a randomly generated unique number
The website server
which sent the cookie uses this number to recognise you when you return to a
site or browse from page to page. Only the server that sent a cookie can read,
and therefore use, that cookie.
A cookie is a
text-only string of information that a website transfers to the cookie file of
the browser on the hard disk of computers so that the website can remember who
you are.
A cookie will
typically contain the name of the domain from which the cookie has come, the
"lifetime" of the cookie, and a value, usually a randomly generated
unique number. Two common types of cookies are used on most websites - session
cookies, which are temporary cookies that remain in the cookie file of your
browser until you leave the site, and persistent cookies, which remain in the
cookie file of your browser for much longer (though how long will depend on the
lifetime of the specific cookie).
Use of cookies
Some of our web
pages use cookies. A cookie is a text-only string of information that a website
transfers to the cookie file of the browser on your computer's hard disk so that
the website can remember who you are.
When you access our
website or login to our secure area we send you an encrypted session cookie. A
session cookie is a temporary cookie that only remains in the cookie file of
your browser until you leave the site. This cookie is used to validate your
access to different parts of the site.
This website uses Google Analytics, a web analytics service provided by Google,
Inc. Google Analytics uses cookies to help this website analyse how users use
the site.
Difference between cookies and session
A cookie is client-side storage for your variables. It is physically stored on
the client machine by the browser. Its scope is machine-wide. Different users on
the same machine can read the same cookie.
Because of this:
1. You should not store sensitive data in a cookie.
2. You should not store data that belongs to one user account.
3. A cookie has no effect on server resources.
4. A cookie expires at the date you specify.
A session is server-side storage for your variables. By default, it is stored in
the server's memory, but you can configure it to be stored in SQL Server. Its
scope is browser-wide. The same user can run two or more browsers, and each
browser has its own session.
Because of this:
1. You can save sensitive data in the session.
2. You should not save everything in the session; it is a waste of server resources.
3. After the user closes the browser, the session timeout clears all information
(the default is 20 minutes).
A cookie can
keep information in the user's browser until deleted. If a person has a login
and password, this can be set as a cookie in their browser so they do not have
to re-login to your website every time they visit. You can store almost
anything in a browser cookie. The trouble is that a user can block cookies or
delete them at any time. If, for example, your website's shopping cart utilized
cookies, and a person had their browser set to block them, then they could not
shop at your website.
Sessions are not reliant on the user allowing a cookie. They
work instead like a token allowing access and passing information while the user
has their browser open. The problem with sessions is that when you close your
browser you also lose the session. So, if you had a site requiring a login,
this couldn't be saved as a session like it could as a cookie, and the user
would be forced to re-login every time they visit.
Cookies
Cookies are stored per-user on the user's machine. A cookie is usually just a
bit of information. Cookies are usually used for simple user settings, colour
preferences, etc. No sensitive information should ever be stored in a cookie.
You can never fully trust that a cookie has not been tampered with by a user or
outside source. However, if security is a big concern and you must use cookies,
then you can either encrypt your cookies or set them to only be transmitted over
SSL. A user can clear their cookies at any time or not allow cookies altogether,
so you cannot count on them being there just because a user has visited your
site in the past.
// Add a userName cookie
Response.Cookies["userName"].Value = "EvilBoy";
Response.Cookies["userName"].Expires = DateTime.Now.AddDays(10);
// A cookie can be limited to a certain domain
Response.Cookies["domain"].Domain = "Stackoverflow.com";
// Request the userName cookie
if (Request.Cookies["userName"] != null)
    lblUserName.Text = Server.HtmlEncode(Request.Cookies["userName"].Value);
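One way to build the page the question asks for while following the advice above (encrypt the cookie, send it only over SSL), as an added example that is not part of the original post. The page name NamePage, the controls txtName and btnSave, the purpose string and the 64-character limit are assumptions; MachineKey.Protect requires .NET Framework 4.5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Code-behind for a hypothetical NamePage.aspx whose markup declares
// txtName (TextBox), btnSave (Button, OnClick="btnSave_Click") and lblUserName (Label).
public partial class NamePage : Page
{
    private const string CookieName = "userName";
    private const string Purpose = "NamePage.userName"; // hypothetical purpose label

    protected void btnSave_Click(object sender, EventArgs e)
    {
        string name = txtName.Text.Trim();
        if (name.Length == 0 || name.Length > 64) return; // constructed length limit
        // Encrypt and sign with the application's machine key so the browser
        // holds an opaque value it cannot read or alter undetected.
        byte[] token = MachineKey.Protect(Encoding.UTF8.GetBytes(name), Purpose);
        Response.Cookies.Add(new HttpCookie(CookieName, HttpServerUtility.UrlTokenEncode(token))
        {
            Expires = DateTime.Now.AddDays(10),
            Secure = true,   // sent over SSL/TLS only
            HttpOnly = true  // hidden from page script
        });
        lblUserName.Text = Server.HtmlEncode(name);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[CookieName];
        if (IsPostBack || cookie == null || string.IsNullOrEmpty(cookie.Value)) return;
        try
        {
            byte[] token = HttpServerUtility.UrlTokenDecode(cookie.Value);
            if (token == null) throw new FormatException("bad cookie encoding");
            // Unprotect throws CryptographicException if the value was modified
            // or was not produced by this application.
            byte[] raw = MachineKey.Unprotect(token, Purpose);
            lblUserName.Text = Server.HtmlEncode(Encoding.UTF8.GetString(raw));
        }
        catch (Exception ex) when (ex is FormatException || ex is CryptographicException)
        {
            // Treat a tampered cookie as absent and expire it in the browser.
            Response.Cookies.Add(new HttpCookie(CookieName) { Expires = DateTime.Now.AddDays(-1) });
        }
    }
}
```

Because Secure is set, the browser returns this cookie only on HTTPS requests, so the page has to be served over SSL/TLS for the name to be remembered.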
Sessions
Sessions are stored per-user in memory (or an alternative Session-State) on the
server. Sessions use a cookie (session key) to tie the user to the session. This
means no "sensitive" data is stored in the cookie on the user's machine.
Sessions are generally used to maintain state when you navigate through a
website. However, they can also be used to hold commonly accessed objects. This
works directly only if the Session-State is set to InProc; if it is set to
another Session-State mode, the object must also be serializable.
Session["userName"] = "EvilBoy";
if (Session["userName"] != null)
    lblUserName.Text = Session["userName"].ToString();