Share via


Response.Cookies Collection

The Cookies collection sets the value of a cookie. If the specified cookie does not exist, it is created. If the cookie exists, it takes the new value, and the old value is discarded.

Cookies should never be used to store secure data, such as passwords. Cookies are transmitted as clear text. If a malicious user taps an Internet connection, then they can take cookie data to impersonate a client and gain access to their data. If you must transmit sensitive data, do so on a Secure Sockets Layer (SSL) connection. For more information on SSL, see "Secure Sockets Layer" in IIS Help, which is accessible from IIS Manager.

Syntax

Response.Cookies( cookie )[(key)| **.**attribute] **=**value

Parameters

  • cookie
    The name of the cookie.

  • key
    An optional parameter. If key is specified, Cookie is a dictionary, and key is set to value.

  • attribute
    Specifies information about the Cookie itself. The attribute parameter can be one of the following.

    Name

    Description

    Domain

    Write-only. If specified, the Cookie is sent only to requests to this domain.

    Expires

    Write-only. The date on which the Cookie expires. This date must be set in order for the Cookie to be stored on the client's disk after the session ends. If this attribute is not set to a date beyond the current date, the Cookie expires when the session ends.

    HasKeys

    Read-only. Specifies whether the cookie contains keys.

    Path

    Write-only. If specified, the Cookie is sent only to requests to this path. If this attribute is not set, the application path is used.

    Secure

    Write-only. Specifies whether the Cookie is secure.

  • Value
    Specifies the value to assign to key or attribute.

Applies To

Response Object

Remarks

If a Cookie with a key is created, as shown in the following script,

<%  
  Response.Cookies("mycookie")("type1") = "sugar" 
  Response.Cookies("mycookie")("type2") = "ginger snap" 
%>  

The following header is sent:

Set-Cookie:MYCOOKIE=TYPE1=sugar&TYPE2=ginger+snap 

A subsequent assignment to myCookie without specifying a key would destroy the type1 and type2 keys, as shown in the following example:

<% Response.Cookies("myCookie") = "chocolate chip" %>  

In the preceding example, the type1 and type2 keys are destroyed and their values are discarded. The myCookie cookie now has the value chocolate chip.

Conversely, if you use a Cookie with a key, it destroys any nonkey values that the Cookie contained. For example, if after the preceding code you call Response.Cookies with the following:

<% Response.Cookies("myCookie")("newType") = "peanut butter" %>  

The value chocolate chip is discarded and newType would be set to peanut butter.

To determine whether a cookie has keys, use the following syntax:

<%= Response.Cookies("myCookie").HasKeys %>  

If myCookie is a cookie dictionary, the preceding value is TRUE. Otherwise, it is FALSE.

You can use an iterator to set cookie attributes. For example, to set all of the cookies to expire on a particular date, use the following syntax:

<%  
  For Each cookie in Response.Cookies 
    Response.Cookie(cookie).Expires = #July 4, 1997# 
  Next 
%>  

You can also iterate through the values of all the cookies in a collection, or all the keys in a cookie. However, if you try to iterate through the values for a cookie that does not have keys, nothing will be returned. To avoid this, you can first use the .HasKeys syntax to check whether a cookie has any keys, as shown in the following example.

<%  
  If Not cookie.HasKeys Then 
    'Set the value of the cookie.  
    Response.Cookies(cookie) = "" 
  Else 
    'Set the value for each key in the cookie collection. 
    For Each key in Response.Cookies(cookie) 
      Response.Cookies(cookie)(key) = "" 
    Next 
%>  

Example Code

The following examples demonstrate how you can set a value for a cookie and assign values to its attributes.

Warning

Do not store sensitive data, such as passwords or account numbers in cookies.

For more detailed information on security, see MS Press - Writing Secure Code.

<% 
  Response.Cookies("Type") = "Chocolate Chip" 
  Response.Cookies("Type").Expires = "July 31, 2001" 
  Response.Cookies("Type").Path = "/" 
%> 

Requirements

Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

See Also