stackoom
  简体   繁体   中英

How reliable is the Request.Browser.Cookies property in ASP.NET?

 原文  2011-03-11 16:32:04       c#/ .net/ asp.net/ cookies/ httprequest

Question

The Request.Browser.Cookies property (of type bool ) attribute stores information whether client's browser supports cookies and whether or not they are enabled.

How reliable is the property Request.Browser.Cookies ? Is it guaranteed to be correct ? Or should I rather implement redirection technique suggested by Software Monkey in this question ?

Please note: This in not a question "are cookies reliable" ? This is a question: "Is the information whether users browser accepts cookies reliable?"

2 answers

solution1
 2 ACCPTED  2011-03-11 17:02:45

With the revised question, a new answer:

The documentation property HttpBrowserCapabilitiesBase.Cookies says:

This property does not indicate whether cookies are currently enabled in the browser, only whether the browser can support cookies.

It appears to be set based on detection of the user's browser and the browser capability database on the server. So it will reliably tell you if the browser is capable of storing cookies if and only if:

  1. The request's user agent string is correct.
  2. The browser is in the database and the database is correct for the browser.

Condition #1 would be broken if the user agent HTTP header was changed (eg. by developer tools or a proxy). Condition #2 would be broken if the browser is newer than the database, or there is a defect in the database.

tl;dr version: there is no guarantee, treat this information as "best effort". And of course the user could have disabled cookies (eg. "in private" browsing mode).

Original answer to a different question:

If you want to rely on the cookies you send in a response always coming back exactly the same, then the answer is: usually, but don't rely on this.

Possible reasons:

  • Non-HTTP only cookies can be modified by client side script (and that script could be injected locally).
  • A browser bug.
  • Using a non-browser to make request (eg. wget.exe ) that doesn't handle cookies for the user.
  • A proxy that modifies the request or response.
  • Local clock on client system modified to cause cookie expiration.
  • User modifying the cookie store of the browser.

solution2
 1  2011-03-11 17:25:22

I understand people are not getting the gist of your question. But you seem to have doubts about the method's reliability. I mean, I could ask "is Request.QueryString reliable? will it return all the parameters in the request URL?" and the answer would be "yes", unless you have some information that contradicts that. So do you have information that Request.Browser.Cookies isn't reliable? As far as I know it is. Have you encountered a situation where it does not work correctly?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.Net Cookies not being saved to the browser ASP.NET Send Cookies to client Browser How to request client cookies on server ASP.NET How to delete cookies on an ASP.NET website ASP.NET Cookies Cookies in ASP.Net how to remove cookies from browser in asp.net c#, SO answers NOT working How to Resolve cookies issue in asp.net How do Cookies Work in ASP.NET? ASP.NET cookies with multiple values - how to?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM