A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state

information to a user's browser and for the browser to return the state information to the origin site.[1] The state information can be used for authentication, identification of a user session, user's preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the user's computer. Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer .[2] However, they can be used by spyware to track user's browsing activities a major privacy concern that prompted European and US law makers to take action.[3] [4] Cookies can also be stolen by hackers to gain access to a victim's web account.[5]

Session cookie
A session cookie[12] only lasts for the duration of users using the website. A web browser normally deletes session cookies when it quits. A session cookie is created when no Expires directive is provided when the cookie is created.

[edit] Persistent cookie

A persistent cookie[12] will outlast user sessions. If a persistent cookie has its Max-Age set to 1 year, then, within the year, the initial value set in that cookie would be sent back to the server every time the user visited the server. This could be used to record a vital piece of information such as how the user initially came to this website. For this reason, persistent cookies are also called tracking cookies or in-memory cookies.

[edit] Secure cookie

A secure cookie is only used when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitting from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.

[edit] HttpOnly cookie

The HttpOnly cookie is supported by most modern browsers.[13][14] On a supported browser, an HttpOnly session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates but does not eliminate the threat of session cookie theft via Cross-site scripting.[15] This feature applies only to session-management cookies, and not other browser cookies.

[edit] Third-party cookie

First-party cookies are cookies set with the same domain (or its subdomain) in your browser's address bar. Third-party cookies are cookies being set with different domains

than the one shown on the address bar (i.e. the web pages on that domain may feature content from a third-party domain - e.g. an advertisement run by www.advexample.com showing advert banners). For example: Suppose a user visits www.example1.com, which sets a cookie with the domain ad.foxytracking.com. When the user later visits www.example2.com, another cookie is set with the domain ad.foxytracking.com. Eventually, both of these cookies will be sent to the advertiser when loading their ads or visiting their website. The advertiser can then use these cookies to build up a browsing history of the user across all the websites this advertiser has footprints on.

Handling cookies in ASP .NET

How to create a cookie, how to get the value stored in a cookie, set the lifetime, path and domain for a cookie, edit a cookie, delete a cookie, remove subkeys from a cookie... How to create a cookie. Here's a new cookie named cakes.
HttpCookie myCookie = new HttpCookie("cakes");

We created the cookie but there are no keys with values in it, so for now it's useless. So let's add some:

myCookie.Values.Add("muffin", "chocolate"); myCookie.Values.Add("babka", "cinnamon");

We also need to add the cookie to the cookie collection (consider it a cookie jar
Response.Cookies.Add(myCookie);

):

How to get the value stored in a cookie. Here's how to get the keys and values stored in a cookie:
Response.Write(myCookie.Value.ToString());

The output to using this with the previous created cookie is this: "muffin=chocolate&babka=cinnamon".

However, most of the time you'll want to get the value stored at a specific key. If we want to find the value stored at our babka key, we use this:
Response.Write(myCookie["babka"].ToString());

Set the lifetime for a cookie. You can easily set the time when a cookie expires. We'll set the Expires property of myCookie to the current time + 12 hours:

myCookie.Expires = DateTime.Now.AddHours(12);

This cookie will expire in twelve hours starting now. You could as well make it expire after a week:
myCookie.Expires = DateTime.Now.AddDays(7);

Also note that if you don't set a cookie's expiration date & time a transient cookie will be created - a cookie which only exists in the current browser instance. So if you want the cookie to be stored as a file you need to set this property. Setting the cookie's path. Sometimes you'll want to set a path for a cookie so that it will be available only for that path in your website (ex.: www.geekpedia.com/forums). You can set a cookie's path with the Path property:

myCookie.Path = "/forums";

Setting the domain for a cookie.

Perhaps instead of using http://www.geekpedia.com/forums path style to your forums, you would use a subdomain like http://forums.geekpedia.com. The Domain property should do it:

myCookie.Domain = "forums.geekpedia.com";

How to edit a cookie. You don't actually edit a cookie, you simply overwrite it by creating a new cookie with the same key(s).

How to destroy / delete a cookie. There's no method called Delete which deletes the cookie you want. What you can do if you have to get rid of a cookie is to set its expiration date to a date that has already passed, for example a day earlier. This way the browser will destroy it.

myCookie.Expires = DateTime.Now.AddDays(-1);

How to remove a subkey from a cookie. This is one of the problems I encountered with cookies. Fortunately I found an answer on MSDN. You can use the Remove method:

myCookie.Values.Remove("babka");

However, you don't usually remove a subkey immediatly after creating it, so first we need to retrieve the cookie, remove the subkey and then add it back to the Cookies collection:

// Get the cookie from the collection (jar) myCookie = Request.Cookies["cakes"]; // Remove the key 'babka' myCookie.Values.Remove("babka"); // Add the cookie back to the collection (jar) Response.Cookies.Add(myCookie); // See what's in the cookie now Response.Write(myCookie.Values.ToString());