Search code examples
asp.netcookiessession-cookieshttpcookie

I can't read cookies in master or other pages

I create some cookies in logon.aspx.cscodebehind thatc read and contain user info from DB with data reader . 

HttpCookie UID = new HttpCookie("ID");
Response.Cookies["UID"].Value = Recordset[0].ToString();
Response.Cookies.Add(UID);
HttpCookie UName = new HttpCookie("Username");
Response.Cookies["Username"].Value = Recordset[3].ToString();
Response.Cookies.Add(UName);
HttpCookie Pass = new HttpCookie("Pass");
Response.Cookies["Pass"].Value = Recordset[4].ToString();
Response.Cookies.Add(Pass);
HttpCookie Admins = new HttpCookie("Admin");
Response.Cookies["Admin"].Value = Recordset[12].ToString();
Response.Cookies.Add(Admins);
HttpCookie Mails = new HttpCookie("Emails");
Response.Cookies["Emails"].Value = Recordset[9].ToString();
Response.Cookies.Add(Mails);
Response.Redirect("../default.aspx");

when i trace the code every thing is good and data hold by cookies.
Now when i read these cookies in master page or other content page, i can't.
in other worlds the cookies not recognize by their names(or keys) 

if (Request.Cookies["Username"] !=null)
{
    lblWelcomeUser.Text = Server.HtmlEncode(Request.Cookies["Username"].Value);
    pnlUsersNavigation.Visible = true;
    LoginMenu.Visible = false;
    RegisterMenu.Visible = false;
    lblWelcomeUser.Text = Server.HtmlEncode(Request.Cookies["Username"].Value);
    //lblWelcomeUser.Text = Request.Cookies["Username"].Value.ToString();
    if (Request.Cookies["Admin"].Value.ToString()=="True")
    {
        lblWelcomeUser.Text = "WELCOME ADMIN";
        // Show Menu that is only for Admin
    }

where is the problem in this code?

Solution

  • It appears that you might be overwriting the cookie with a good value, with a new empty cookie.

    // new cookie created - empty
HttpCookie UName = new HttpCookie("Username");

// new cookie created with a value
Response.Cookies["Username"].Value = Recordset[3].ToString();

// overwrite new cookie with value with new empty cookie
Response.Cookies.Add(UName);

    Create the cookie, set the value, then add the cookie to the response.

    HttpCookie UName = new HttpCookie("Username");
UName.Value = Recordset[3].ToString();
Response.Cookies.Add(UName);

    Also note that as Paul Grimshaw pointed out, you can add multiple values to the same cookie.

    Download Fiddler to check request/response to ensure your cookies contain the correct values and such... http://fiddler2.com/get-fiddler

    Also be careful about Man-in-the-middle attacks. Storing usernames and passwords in plain text is not such a good idea to begin with.