0

I wrote the following code to expire all the cookies in my request. But along with expiring them, I need to set the domain property for some of the cookies explicitly. I was wondering if there is a better way to do the same...

protected void Page_Load(object sender, EventArgs e)
{
  Session.Abandon();
  HttpCookie cookie;
  string cookieName;
  int cookieCount = Request.Cookies.Count;

  for (int i = 0; i < cookieCount; i++)
  {
    cookieName = Request.Cookies[i].Name;
    cookie = new HttpCookie(cookieName);
    cookie.Expires = DateTime.Now.AddDays(-1);

    if (string.Compare(cookieName, "cookie1") == 0 
      || string.Compare(cookieName, "cookie2") == 0
      || string.Compare(cookieName, "cookie3") == 0
      || string.Compare(cookieName, "cookie4") == 0)
    {
      cookie.Domain = ".mydomain.com";
    }

    Response.Cookies.Add(cookie);
  }

  Response.Redirect("my redirect link");
}

I am new to C# so not sure if there is any other better way to set the domain value to the selected list of cookies only. I am from scripting background, basically from tcl and there usually I can simply check if the given item is in the list or not like:

if ($item in $list){
    // Do something
}

which is similar to performing lsearch.

Anyways, the reason I don't like the logical operators in if is because in future i might have more cookies in the list to perform the same action and I don't want to keep stuffing the if condition checks.

I can probably do the same here as tcl like have a list of all the cookie names and then in for loop check for each cookie name in the list, but not sure how expensive it is.

Any comments would be appreciated.

Naphstor
  • 2,356
  • 7
  • 35
  • 53
  • Look over here: https://stackoverflow.com/questions/31833109/remove-and-delete-all-cookies-of-my-asp-net-c-sharp-application Just update the response cookies. You don't update the cookie, you create a new cookie. – Niels Aug 31 '17 at 14:34
  • 1
    Too many cookies are hard to maintain. ASP.NET has other mechanisms to persist the data between pages. If you could tell us what you are trying to achieve, we could suggest you a better solution. – Win Aug 31 '17 at 14:44
  • I am trying to create a single logout page for my sites that are on same domain. So I was trying to delete all the cookies, basically my session cookies, so that if the user logs out of any site, he/she is logged out of all the other sub sites. – Naphstor Aug 31 '17 at 14:48

1 Answers1

0

You use new HttpCookie to create a new cookie. Therefor the domain of the existing Cookie is not copied. You'd be better off updating the existing cookie. For example at: Remove and delete all cookies of my ASP NET c-sharp application

Copied the code below from the url above:

foreach (string key in Request.Cookies.AllKeys)
{
   HttpCookie c = Request.Cookies(key);
   c.Expires = Now.AddMonths(-1);
   Response.AppendCookie(c);
}

You can invalidate a Cookie by setting the expires date to a date in the past.

Niels
  • 48,601
  • 4
  • 62
  • 81
  • I tried doing the same as you suggested, but then if I look at the response cookie, I see the domain value as null. – Naphstor Aug 31 '17 at 14:46