0

It seems from msdn(comment at the page bottom), if you set the Expires property of a HttpCookie, it becomes a persistent cookie stored in the temp internet files folder. What to do if I want it to remain a session cookie (which means when you close the browser, it's gone), but still want to set the expiration time, say to 30 minutes? When you use the ASP.NET Membership API, you can set the expiration of a session cookie(the authentication cookie) in web.config, so it means there must be a way to set session cookie's expiration time.

Aperture
  • 2,387
  • 4
  • 25
  • 47
  • If what you want is a session cookie... why will you want to set an expiration date? what you should do in your example is to kill the user session after an specific time and with it, the cookie will also expire. – Ricardo Sanchez Jun 15 '12 at 03:21
  • @Ricardo: Let's say user logon to internet banking and it should time out in 30 minutes since logon, but user does not close browser the whole day, then the session cookie won't expire for a whole day! How do I best approach this issue? – Aperture Jun 15 '12 at 04:16
  • This answer might help: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – Ricardo Sanchez Jun 18 '12 at 16:39
  • 1
    You appear to be confusing login with cookie expiration. There is no reason login time can't easily be shorter than any cookie that signifies it. Unless your cookie *is* your login (rather than a token of it), in which case you have bigger problems. – Andrew Barber Jun 18 '12 at 23:21

3 Answers3

2

Taking into account your requirement I'd say that unless you have a very strong reason to use cookies you should be using the Session object.

If you're not storing a "big" amount of information on this cookie and / or the number of users is not expected to be considerable this seems to be the best option.

Claudio Redi
  • 67,454
  • 15
  • 130
  • 155
1

Have you tried something like this:

this.Response.Cookies["d"].Expires = DateTime.Now.AddMinutes(30);
Jupaol
  • 21,107
  • 8
  • 68
  • 100
  • If you do that, the cookie would become a persistent cookie to be found in the temp internet files folder. – Aperture Jun 15 '12 at 02:10
  • @Aperture So? Why are you trying to avoid a browser implementation detail? – vcsjones Jun 15 '12 at 02:11
  • 1
    There are only persisted cookies and tmp cookies, when you set the `Expires` property you make a cookie persisted. Could you explain: what and **why** you are trying to accomplish – Jupaol Jun 15 '12 at 02:15
  • this would cause the cookie to be persistent and is what the user don't want – StackOverflower Jun 15 '12 at 02:56
1

You could perhaps add another cookie (also a session cookie) which contains a DateTime that tells your application how long the first cookie is valid. Then everytime your application reads the first cookie it would also check the new cookie to see if it's still valid.

I think this is more or less how the membership is doing it. Although in that case there is just one cookie, but that cookie contains several fields (pieces of information).

user1429080
  • 9,086
  • 4
  • 31
  • 54