forum

home / developersection / forums / how to create a cookie in c#, which is both side modifiable.

Ask Question

How to create a Cookie in C#, which is both side modifiable.

ICSM Computer 218 05-May-2025

How to create a Cookie in C#, which is both side modifiable.

c# c# 
Updated on 21-May-2025
ICSM Computer

IT-Hardware & Networking

Ravi Vishwakarma is a dedicated Software Developer with a passion for crafting efficient and innovative solutions. With a keen eye for detail and years of experience, he excels in developing robust software systems that meet client needs. His expertise spans across multiple programming languages and technologies, making him a valuable asset in any software development project.

Follow
Can you answer this question?
Answer

1 Answers

Utpal Vishwas

Utpal Vishwas

21-May-2025

In C#, you can create a cookie that is modifiable from both the client-side (JavaScript) and server-side (C#) by ensuring the cookie meets these two criteria:

Key Requirements

  • HttpOnly = false — so JavaScript can read/modify it.
  • No Secure flag (unless using HTTPS).
  • Accessible Path — set Path = "/" if you want it globally accessible.

1. Set a Modifiable Cookie in C# (Server-Side)

In ASP.NET MVC or WebForms, you can use:

HttpCookie cookie = new HttpCookie("user-preference", "dark-mode");
cookie.Expires = DateTime.Now.AddDays(7);     // Optional: persist cookie
cookie.HttpOnly = false;                      // Required to allow JavaScript access
cookie.Path = "/";                            // Available site-wide

Response.Cookies.Add(cookie);

In ASP.NET Core:

Response.Cookies.Append("user-preference", "dark-mode", new CookieOptions
{
    Expires = DateTimeOffset.Now.AddDays(7),
    HttpOnly = false,
    Path = "/"
});

2. Access and Modify the Cookie via JavaScript (Client-Side)

// Read cookie
function getCookie(name) {
  const match = document.cookie.match(new RegExp('(^| )' + name + '=([^;]+)'));
  return match ? decodeURIComponent(match[2]) : null;
}

// Set or update cookie
document.cookie = "user-preference=light-mode; path=/; max-age=604800"; // 7 days

document.cookie can only access cookies that are not HttpOnly and within the current path/domain.

3. Modify the Cookie in C# Again (Optional)

if (Request.Cookies["user-preference"] != null)
{
    var cookie = new HttpCookie("user-preference", "updated-mode");
    cookie.Expires = DateTime.Now.AddDays(7);
    cookie.HttpOnly = false;
    Response.Cookies.Set(cookie);
}

Important Notes

  1. Avoid storing sensitive data (like tokens, user IDs) in client-accessible cookies.
  2. Cookies sent by the browser will always be the latest set value, whether it was updated client- or server-side.
  3. Cookies are limited in size (~4 KB per cookie).
advertising
advertising

Liked By

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy