Session and Cookie Management in Net Sandeep Kiran

  • Slides: 16
Download presentation
Session and Cookie Management in. Net Sandeep Kiran Shiva UIN: 00822389

Session and Cookie Management in. Net Sandeep Kiran Shiva UIN: 00822389

State Management Overview • New instance of the Web page class is created each

State Management Overview • New instance of the Web page class is created each time the page is posted to the server. • Http is a stateless protocol! • ASP. NET options for State Management: Client Based : • View state • Control state • Hidden fields • Cookies • Query strings Server Based: • Application state • Session state • Profile Properties

Cookies-Introduction • A cookie is a small bit of text that accompanies requests and

Cookies-Introduction • A cookie is a small bit of text that accompanies requests and pages as they go between the Web server and browser. The cookie contains information the We application can read whenever the user visits the site. • A cookie consists of one or more name-value pairs containing bits of informatio which may be encrypted for information privacy and data security purposes. • Uses: Authentication, Session tracking (state maintenance), Storing site preferences, Shopping cart contents, The identifier for a server-based session, Anything else that can be accomplished through storing textual data.

Write a Cookie: Response. Cookies["user. Name"]. Value = "patrick"; Response. Cookies["user. Name"]. Expires =

Write a Cookie: Response. Cookies["user. Name"]. Value = "patrick"; Response. Cookies["user. Name"]. Expires = Date. Time. Now. Add. Days(1); >>Here, the values of the Cookies() collection are set directly. Http. Cookie a. Cookie = new Http. Cookie("last. Visit"); a. Cookie. Value = Date. Time. Now. To. String(); a. Cookie. Expires = Date. Time. Now. Add. Days(1); Response. Cookies. Add(a. Cookie); >>Here, the code creates an instance of an object of type Http. Cookie Read a Cookie: if(Request. Cookies["user. Name"] != null) Label 1. Text = Server. Html. Encode(Request. Cookies["user. Name"]. Value); if(Request. Cookies["user. Name"] != null) { Http. Cookie a. Cookie = Request. Cookies["user. Name"]; Label 1. Text = Server. Html. Encode(a. Cookie. Value); }

Delete a Cookie: Http. Cookie a. Cookie; string cookie. Name; int limit = Request.

Delete a Cookie: Http. Cookie a. Cookie; string cookie. Name; int limit = Request. Cookies. Count; for (int i=0; i<limit; i++) { cookie. Name = Request. Cookies[i]. Name; a. Cookie = new Http. Cookie(cookie. Name); a. Cookie. Expires = Date. Time. Now. Add. Days(-1); Response. Cookies. Add(a. Cookie); } Cookie Scope: Http. Cookie app. Cookie = new Http. Cookie("App. Cookie"); app. Cookie. Value = "written " + Date. Time. Now. To. String(); app. Cookie. Expires = Date. Time. Now. Add. Days(1); app. Cookie. Path = "/Application 1"; Response. Cookies. Add(app. Cookie);

Drawbacks: • Cookie Hijacking: Cookie theft is the act of intercepting cookies by an

Drawbacks: • Cookie Hijacking: Cookie theft is the act of intercepting cookies by an unauthorized party. This issue can be overcome by securing the communication between the user' computer and the server by employing Transport Layer Security (https protoco to encrypt the connection and using a secure flag. • Cross-site Scripting: making the browser itself send cookies to malicious serv that should not receive them. Encrypting cookies before sending them on the network does not help against this attack A way for preventing such attacks is by using the Http. Only flag

Sample code: public partial class _Default : System. Web. UI. Page { protected void

Sample code: public partial class _Default : System. Web. UI. Page { protected void Page_Load(object sender, Event. Args e) { if (Request. Cookies["id"] != null) { string user. Id = Request. Cookies["id"]. Value; Response. Write("User Id value" + user. Id); } Http. Cookie cookie = Request. Cookies["user"]; // for safety, always check for NULL. If cookie doesn't exist, it will be NULL if (cookie != null) { string name = cookie["name"]; string age = cookie["age"]; lbl. Cookie. Existance. Text += "Multi-valued Cookie exist "; lbl. Cookie. Existance. Text += string. Format("Name : {0} Age : {1}", name, age); } else lbl. Cookie. Existance. Text = "Cookie not exist"; } protected void Create. Cookie. Clicked(object sender, Event. Args e) { Response. Cookies["id"]. Value = "10"; Response. Cookies["id"]. Expires = Date. Time. Now. Add. Days(1); }

 protected void btn. Remove. Cookie_Click(object sender, Event. Args e) { Response. Cookies["id"]. Expires

protected void btn. Remove. Cookie_Click(object sender, Event. Args e) { Response. Cookies["id"]. Expires = Date. Time. Now. Add. Days(-1); lbl. Message. Text = "Cookie deleted. Try opening the same page in another window of the same browser"; } protected void btn. Create. Multi. Valued. Cookie_Click(object sender, Event. Args e) { Http. Cookie cookie = new Http. Cookie("user"); cookie["name"] = "Foo"; cookie["age"] = "22"; cookie. Expires = Date. Time. Now. Add. Days(1); Response. Cookies. Add(cookie); lbl. Message. Text = "Cookie created“; } } Demo …. .

Sessions- Introduction • ASP. NET session state enables you to store and retrieve values

Sessions- Introduction • ASP. NET session state enables you to store and retrieve values for a user as the user navigates ASP. NET pages in a Web application. Fig : For every client session data store separately

Advantages Of Sessions: • It helps to maintain user states and data to all

Advantages Of Sessions: • It helps to maintain user states and data to all over the application. • It can easily be implemented and we can store any kind of object. • Stores every client data separately. • Session is secure and transparent from user. • Session variables allow for customization of a web site. Disadvantages: • Performance overhead in case of large volume of user, because of session data stored in server memory. • The overuse of Session variables can lead to very unreadable and unmaintainable code.

Session Variables: • used to store data about the current user and his session.

Session Variables: • used to store data about the current user and his session. • Storing values in Session Variables: Session["First. Name"] = FName. TB. Text; Session["Last. Name"] = LName. TB. Text; • Retrieving values from Session Variables: //Check weather session variable is null or not if (Session["Data. Set"] != null) { //Retrieving Dataset from Session My. Ds = (Data. Set)Session["Data. Set"]; } Else { //Do Something else }

Session ID: • Asp. Net use 120 bit identifier to track each session. •

Session ID: • Asp. Net use 120 bit identifier to track each session. • When client communicate with server, only session id is transmitted. • When client request for data, ASP. NET looks on to session ID and retrieves corresponding data.

Removing Session From Session Variable : Following are the list of methods that are

Removing Session From Session Variable : Following are the list of methods that are used to removing the session. Method Description Session. Remove(str. Session. Name); Remove an Item from Session State Collection Session. Remove. All() Remove all items from session collection Session. Clear() Remove all items from session collection Note: There is no difference between Clear and Remove. All() calls Clear(), internally. Session. Abandon() Cancels the Current Session

Cookieless Sessions: • The Session. ID() is stored in a non-expiring session cookie in

Cookieless Sessions: • The Session. ID() is stored in a non-expiring session cookie in the browser by default. You can specify that session identifiers not be stored in a cookie by setting the cookieless attribute to true in the session. State section of the Web. config file. <configuration> <system. web> <session. State cookieless="true" /> </system. web> </configuration> • ASP. NET maintains cookieless session state by automatically inserting a unique session ID into the page's URL http: //www. abcdefg. com/s(lit 3 py 55 t 21 z 5 v 55 vlm 25 s 55)/orderform. aspx

Reference • http: //www. codeproject. com/KB/aspnet/Exploring. Session. aspx#2 • http: //en. wikipedia. org/wiki/HTTP_cookie •

Reference • http: //www. codeproject. com/KB/aspnet/Exploring. Session. aspx#2 • http: //en. wikipedia. org/wiki/HTTP_cookie • http: //msdn. microsoft. com/en-us/library/ms 178582. aspx

Thank You!

Thank You!