6

I want my cookie to disappear when the user closes their brower-- I've already set some promising looking properties, but my cookies pop back to live even after closing the entire browser.

HttpCookie cookie = new HttpCookie("mycookie", "abc");
cookie.HttpOnly = true; //Seems to only affect script access
cookie.Secure = true; //Seems to affect only https transport

What property or method call am I missing to achieve an in memory cookie?

MatthewMartin
  • 32,326
  • 33
  • 105
  • 164

6 Answers6

7
cookie.Expires = DateTime.MinValue;

this cookie will expire, as soon as the browser is closed.

nothrow
  • 15,882
  • 9
  • 57
  • 104
7

Cookies without an expiration explicitly set will automatically go away once the browsing session is over.

Now, "browsing session" means different things to different browsers. For some browsers it means that every instance of the browser is closed. For some it just means that the relevant tabs or original browser is closed.

In your testing make sure you close EVERY instance of the browser before reopening to look for the cookie. If you continue to have problems post the browser name and revision.

NotMe
  • 87,343
  • 27
  • 171
  • 245
4

If you do no set the Cookie.Expires property the cookie will be set to expire at the end of the browser session.

Frazell Thomas
  • 6,031
  • 1
  • 20
  • 21
2

Cookie Will not be destroy on browser close if Taken from here

 HttpCookie cookie = new HttpCookie(name);
 cookie.Value = value;
 cookie.Expires = Convert.ToDateTime(“12/12/2008″);  //*difference is here*//
 Response.Cookies.Add(cookie);}

Cookie will be lost on browser close if

     HttpCookie cookie = new HttpCookie(name);
     cookie.Value = value;
     Response.Cookies.Add(cookie);}
Ankit
  • 4,755
  • 2
  • 22
  • 14
  • Not completely true, again browser based. Wish the browsers would get together and agree on "when a browser session ends". – GoldBishop Feb 01 '18 at 14:39
1

The best way to handle non-persistent cookies timeout with the browser open is add a key value for timeout. The code below is used for a log in user id key value and encryption(not included) security for browser compatibility. I do not use forms authentication.

HttpCookie cookie = new HttpCookie(name);
cookie.Values["key1"] = value;
cookie.Values["key2"] = DateTime.Now.AddMinutes(70).ToString(); 
                             //timeout 70 minutes with browser open
cookie.Expires = DateTime.MinValue;
cookie.Domain = ConfigurationManager.AppSettings["website_domain"];
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);

When checking the cookie key value use:

try
{

DateTime dateExpireDateTime;
dateExpireDateTime = DateTime.Parse(HttpContext.Current.Request.Cookies[name]["key2"]);

if (DateTime.Now > dateExpireDateTime)
{
//cookie key value timeout code
}
else
{
//reset cookie
}

catch
{
//clear cookie and redirect to log in page
}

I have found compatibility issues using forms authentication and Google Chrome.

nothrow
  • 15,882
  • 9
  • 57
  • 104
user3536274
  • 34
  • 1
1

Take a look at the ASP.NET Session variable. This will persist depending upon your browser and can be set to be "cookieless" or with a hard timeout.

http://msdn.microsoft.com/en-us/library/h6bb9cz9%28VS.71%29.aspx

AutomationNation
  • 527
  • 1
  • 4
  • 10
  • This isn't really related to my question. Imagine if Session was disabled and I still wanted to create an Http Cookie that goes away when the browser is closed/isn't written to disk, etc. I think some of the other answers are on the right track though. – MatthewMartin Dec 21 '10 at 16:15