Name
Cookie
Synopsis
This class represents an HTTP cookie, as
standardized by RFC 2965
(ftp://ftp.isi.edu/in-notes/rfc2965.txt). A
cookie represents a simple name-value pair that is sent back by the
HTTP User-Agent on each subsequent request to the URL host that set
the cookie. The rules governing the visibility, scope, and lifetime
of cookies is well documented in the RFC; see that document for
details. The Cookie
has properties defined on it
corresponding to the settable values in the RFC: principally, the
Value
property sets the value of the cookie, and
the Name
property sets the name by which the
cookie’s value can be retrieved.
As a User-Agent, adding a Cookie
to an
HttpWebRequest
is as simple as adding the
Cookie
instance to the
HttpWebRequest.CookieContainer
property. When you
receive a response from an HTTP server, it may contain one or more
cookies. Use the HttpWebResponse.Cookies
collection to obtain the cookies that the HTTP server sent you.
Note that, as a User-Agent (the client), it is the .NET
programmer’s responsibility for maintaining all the
semantics of the RFC—that is, the cookie must only be sent back
to the host that set it, the cookie can only be sent back if it obeys
the “path” prefix set on the
cookie, and so forth. Failure to do so could result in different
hosts viewing cookies that they didn’t set, which is
a potential security hole (albeit only if a host puts sensitive
material into the cookie in the first place). None of this is
implemented in the HttpWebRequest ...
Get C# in a Nutshell, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.