Cookies in ASP.Net

First I want to thank all the readers who have read my previous articles.

Today I am here to explain cookies in ASP.Net. You have seen “Remember Me” in every login portal or website. I will tell you how it works in this demo.


It is a small text file stored in a client local machine or in the memory of a client browser session. It is used to state management. We can store a small piece of information in this file. It stores information in a plain text file.

How It Works

When the client sends a request to the server then the server sends response cookies with a session Id. If the cookies are saved the first time then the cookies are used for subsequent requests.

I am giving you a small demonstration. In this demonstration I will show you how to use use cookies and what “Remember Me” is.

Cookies in

When the user logs in with “Remember Me” selected then cookies play an important role. If Remember Me is selected then cookies will be created with the userid and an encrypted word. Cookies are easily readable for every user in the local machine. That’s why I use md5 to encryt my word for cookies.

  • Check cookies on Page_Load:
    1. HttpCookie _objCookie = Request.Cookies["Test"];  
    3.         if (_objCookie != null)  
    4.         {  
    5.             bool bCheck = IsValidAuthCookie(_objCookie, "encrypt");  
    6.             if (bCheck)  
    7.             {  
    8.                 Response.Redirect("WelcomePage.aspx?User=" + Convert.ToString(_objCookie.Value.ToString().Split('|')[0]) + "");  
    9.             }  
    10.         }  

I check cookies on the login page load every time. If cookies exist then I redirect the welcome.aspx directly.

  • LoginButton_Click
    1. bool IsLogin = IsValidLogin(txtUserId.Text.Trim(), txtword.Text.Trim());    
    2. if (IsLogin)    
    3. {    
    4.     if (chkRememberMe.Checked)    
    5.     {    
    6.         CreateAuthCookie(txtUserId.Text.Trim(), txtword.Text.Trim(), "encrypt");    
    7.      }    
    8.      Response.Redirect("WelcomePage.aspx?User=" + txtUserId.Text.Trim() + "");    
    9. }

If “Remember me” is checked then I create cookies with User Id and encrypted word.

Suppose you login with “Remember me” checked and close the application without LogOut. Now when you open again your login page it will redirect you to the welcome.aspx page automatically. And if you logout the application then your cookies will be removed. You will see this scenario on, and so on.

  • Create Hash word with Md5 encryption as in the following:
    1. public string CreateHash(string word, string salt)  
    2. {  
    3.     // Get a byte array containing the combined word + salt.  
    4.     string authDetails = word + salt;  
    5.     byte[] authBytes = System.Text.Encoding.ASCII.GetBytes(authDetails);  
    7.     // Use MD5 to compute the hash of the byte array, and return the hash as  
    8.     // a Base64-encoded string.  
    9.     var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();  
    10.     byte[] hashedBytes = md5.ComputeHash(authBytes);  
    11.     string hash = Convert.ToBase64String(hashedBytes);  
    13.     return hash;  
    14. }  


  • Cookies do not require any server resources since they are stored on the client.
  • Cookies are easy to implement.


  • Cookies can be disabled on user browsers
  • Cookies are transmitted for each HTTP request/response causing overhead on bandwidth
  • No security for sensitive data.

You can download the attachment for reference.

THANKS for reading this article. If there is any mistake in concept then please comment.

Read more >> Cookies in ASP.NET