Working with Cookies in ASP.NET

HTTP which is extensively used in web applications is a stateless protocol. To make a piece of information/data persist between page requests, programmers have to write code in order to achieve this. This is generally called state management. It can be done in two ways:

  1. Client side
  2. Server side

Cookie is a client side state management technique. A cookie is a small piece of information stored on the client side by the server. This small information moves between the client and the server along with the page requests and responses. That means a web server can read this information when a client requests for a page.

Cookies are basically used to store user specific information. For example, the last visit date time or user preferences etc

In this article We are going to create an web site and create two pages :

  • PageOne.aspx and
  • PageTwo.aspx

On PageOne.aspx we will create a new cookie and on the PageTwo.aspx, we will read cookie value.

As we have said that the server stores the cookie on client side, we can say that the server achieves this through the RESPONSE object. Now we can create and send a cookie to the client.

Creating a cookie :

On PageOne.aspx we have placed a TextBox and a button and on the click of the button, we are going to store the value in the textbox in a cookie.

protected void btnStoreCookie_Click(object sender, EventArgs e)
     Response.Cookies["Username"].Value = txtUsername.Text;
     Response.Cookies["Username"].Expires = DateTime.Now.AddMinutes(5);

Cookies in ASP.NET

The RESPONSE object has the Cookies collecton in which we can store the values, the above given code creates a cookie "username" and stores the text box value in it.
The expiration time is set to 5 minutes. After 5 minutes, the cookie gets automatically deleted from the user's disk.

Retrieve a cookie value :

Now we will read a cookie value on PageTwo.aspx page. For every request, the cookie is sent to the server from the client in a page request. So we can read the cookie value using a RESPONSE object.

protected void Page_Load(object sender, EventArgs e)
     if (Request.Cookies["Username"] != null)
         Response.Write("The currently logged in user is : " + Request.Cookies["Username"].Value);
         Response.Write("No cookie found");

Now we test if we have created a cookie successfully on not!

Run the project to browse the PageOne.aspx page. Enter some value in the text box and click the store cookie button.

Now close the browser. Run the project with PageTwo.aspx as a start page or naviagate to PageTwo.aspx in the browser.

You will see the value that you stored into the cookie is shown.

ASP.NET Cookies

Now, browse the PageTwo.aspx page after 5 minutes and you will see that the cookie has been deleted. A cookie can be deleted explicitly. This can be done by setting the expires property to a negative value


protected void btnDeleteCookie_Click(object sender, EventArgs e)
     HttpCookie deleteCookie = new HttpCookie("Username");
     deleteCookie.Expires = DateTime.Now.AddDays(-1);

Cookies are recommended only when the server needs to store a very small piece of information on the client side.

This information should never be critical/personal/or some information that should not be disclosed to intruders.

Also, the server code cannot always rely on the cookie information as the cookies can also be deleted by the client.

Number of cookies that can be stored depends upon the browser. Also, the size of cookies in a browser are generally limited to 4kb.