14.4. Using Cookies
Cookies are key-value pairs that are stored on the client computer. Using cookies to persist information is a simple and easy option in ASP.NET if you need to maintain state when working with Web applications. Cookies are passed along with the HTTP request to the server and are used to identify the user upon receipt.
14.4.1. Advantages to Using Cookies
There are advantages to using cookies within your ASP.NET Web applications to store simple data. First, cookies do not require server resources because none of the cookies are stored on the server. Second, you can set cookies to expire when the browser is shut down or at any date in the future. Therefore, it is possible for the application to remember the user if he returns weeks or months later.
14.4.2. Disadvantages to Using Cookies
There are also some negatives to using cookies. One negative is that cookies need to be small. You cannot send large amounts of data to the clients to store on their machines. Generally, there is a 4,096-byte limit to the size of a cookie, limiting the types of data that you can store. For some applications, cookies can cause some serious security risks. It is easy for knowledgeable users to change cookies. This can be a major problem if you are using cookies to help users gain access to private information.
I know of a financial institution that was storing each user's account number as a cookie on the client's machine. The application that displayed information about the users' ...
