"Disappearing cookies": any change in ASP.NET 2.0?

[Guest]

While I was learning about baking cookies in ASP.NET, I also ran across this
interesting article that outlined a few bombs to watch out for when using
cookies in ASP.NET:

http://www.codeproject.com/aspnet/aspnetcookies.asp

The "disappearing cookie" syndrome that the author describes seems
problematic:

<quote> If you try to access a cookie that doesn't exist in the
Response.Cookies collection, it will be created with an empty string in the
Value and an Expires date of 01-Jan-0001 00:00. Strangely, it also creates a
matching cookie in the Request.Cookies collection if one doesn't already
exist. </quote>

The author goes on to describe how this can bite you if you're doing
conditional tests for the existence of a cookie.

Will this behavior change in ASP.NET 2.0?

 

[Steven Cheng[MSFT]]

Hi Kenfine,

Welcome to ASPNET newsgroup.
I've also noticed your another thread about asp.net's cookie.
As for the problem prone behavior of the Response.Cookies collection you
mentioned,

================
<quote> If you try to access a cookie that doesn't exist in the
Response.Cookies collection, it will be created with an empty string in the
Value and an Expires date of 01-Jan-0001 00:00. Strangely, it also creates
a
matching cookie in the Request.Cookies collection if one doesn't already
exist. </quote>
================

in fact it is due to the HttpCookieCollection's getter accesor's
implementation, which will create a empty item and add it when we try
accessing an item which doestn't exist orginally. Also, I've checked the
current beta2 version of the .NET framework and found that the
HttpCookieCollection remain the same implementation as the one in 1.x.
Generally, for the cookie accessing, we recommend that we use the
HttpCookieCollection.keys property to verify the existence of the item's
key first before accessing the actual item which will be much more graceful
and safer.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)






--------------------
| Reply-To: "(e-mail address removed)" <[email protected]>
| From: <[email protected]>
| Subject: "Disappearing cookies": any change in ASP.NET 2.0?
| Date: Tue, 16 Aug 2005 18:58:17 -0700
| Lines: 21
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: idea.urel.washington.edu 128.95.9.12
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:118480
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| While I was learning about baking cookies in ASP.NET, I also ran across
this
| interesting article that outlined a few bombs to watch out for when using
| cookies in ASP.NET:
|
| http://www.codeproject.com/aspnet/aspnetcookies.asp
|
| The "disappearing cookie" syndrome that the author describes seems
| problematic:
|
| <quote> If you try to access a cookie that doesn't exist in the
| Response.Cookies collection, it will be created with an empty string in
the
| Value and an Expires date of 01-Jan-0001 00:00. Strangely, it also
creates a
| matching cookie in the Request.Cookies collection if one doesn't already
| exist. </quote>
|
| The author goes on to describe how this can bite you if you're doing
| conditional tests for the existence of a cookie.
|
| Will this behavior change in ASP.NET 2.0?
|
|
|

 

[Juan T. Llibre]

Have you tried testing for it ?