handling a comma inside a cookie value using .net's (C#) System.Net.Cookie

10,943

Solution 1

According to the following article, you should consider UrlEncode and UrlDecode for storing values in cookies.

private void SetCookie()
{
    HttpCookie cookie = new HttpCookie("cookiename");
    cookie.Expires = DateTime.Now.AddMonths(24);
    cookie.Values.Add("name", Server.UrlEncode(txtName.Text));
    Response.Cookies.Add(cookie);
}

private void GetCookie()
{
    HttpCookie cookie = Request.Cookies["cookiename"];
    if (cookie != null)
    {
        txtName.Text = Server.UrlDecode(cookie.Values["name"]);
    }
}

Don’t ever HTML encode a cookie in ASP.NET! It results in a yellow screen of death and an exception stating that the cookie contains dangerous characters.

MSDN also has an article on the subject.

ASP.NET does not encode or unencode cookies in UrlEncode format by default. As a result, you may encounter unexpected behavior in ASP.NET applications.

Solution 2

To handle the cookie, since a cookie is essentially a string, you may like to try URL Encoding the cookie value before setting it, and then Decoding it when you pull out the value.

i.e.:

Response.Cookies["Value1"] = Server.UrlEncode(sCookieValue);

and similarly:

string sCookieValue = Server.UrlDecode(Request.Cookies["Value1"]);
Share:
10,943

Related videos on Youtube

Admin
Author by

Admin

Updated on April 15, 2022

Comments

  • Admin
    Admin over 1 year

    I'm creating a client to visit a website and log in + do some tasks automatically, however they recently updated their cookies to (for whatever reason...) contain a comma inside their identification cookie.

    So for example, the Cookie will have a value similar to this:

    a,bcdefghijklmnop
    

    The problem is, according to msdn you can't use a comma nor a period inside a cookie's value. What I'm looking for is a way around this limitation, some way to make .net's Cookie's work nice with the commas. I've found that the server does send a 'SET-COOKIE' header to the client and I'm guessing that's what is being parsed, but that also seems to obviously give special meaning to commans and semicolons as well (thus the limitation of the class inside .NET itself).

    But then how does a browser such as IE, Firefox, etc... handle the cookie properly (as they clearly do, since the website works fine in any browsers I've tested it with.) Is there maybe a way to force this behaviour in .NET?

    Any help would be appreciated, thanks.

    --- EDIT ---

    some additional information:

    My code looks something like this:

    request = (HttpWebRequest)WebRequest.Create(URI); 
    request.CookieContainer = Program.client.cookieJar;
    

    Where cookieJar is defined in Program.client as:

    CookieContainer cookieJar = new CookieContainer();
    

    When i loop through and print out all the cookies in the CookieContainer, I get something like this: (cookies, in the format: "name" -> "value")

    "normal_cookie" -> "i am the value" 
    "messedup_cookie" -> "a" 
    "bcdefghijklmnop" -> "" 
    
    // What I should get is this: 
    "normal_cookie" -> "i am the value" 
    "messedup_cookie" -> "a,bcdefghijklmnop" 
    

    The core of the problem seems to be that commas and semi colons are reserved characters in the SET-COOKIE header string...but then how do browsers handle this? I can probably parse the string myself but I don't know how to get around situations such as this one: (HTTP header, in the format: "name" -> "value")

    "Set-Cookie" -> "messedup_cookie=a,bcdefghijklmnop; path=/; domain=.domain.com; expires=Sat, 15-Aug-2009 09:14:24 GMT,anothervariable=i am the value;"
    

    As you can see, the expires section looks for a comma instead of a semicolon to differentiate itself from the next variable. As far as I can tell, it's in the format:

    cookie1_var1=value; cookie1_var2=value,cookie2_var1=value; cookir2_var2=value
    

    But if that's true, is there an elegant way to deal with commas that may occur inside one of the values?

  • Admin
    Admin over 14 years
    Hmm but how would i do that with a CookieContainer? I suppose I should have made it more clear to begin with...my code is something like this: request = (HttpWebRequest)WebRequest.Create(URI); request.CookieContainer = Program.client.cookieJar; so that CookieContainer handles all the cookie stuff for me and I just pass it around between http requests
  • Admin
    Admin over 14 years
    Thanks for the answer, but I have the same question as I asked the previous poster - how do I do this with the CookieContainer? Also, I'm using C# not ASP.net if that makes any difference.
  • Andrew La Grange
    Andrew La Grange over 14 years
    What is creating the Program.client.cookieJar? You could create a wrapper class perhaps that automatically transposes all cookies passed the container with UrlEncode and then sets the base CookieContainer property on the Request with the revised cookieJar
  • Admin
    Admin over 14 years
    CookieContainer cookieJar = new CookieContainer(); I don't know how I'd go about setting a wrapper for it, as I don't know at what point the header is actually parsed. When I loop through all the cookies in the CookieContainer I get something like this: csharp.pastebin.com/f1bb0dffa The core of the problem seems to be that commas and semi colons are reserved characters in the SET-COOKIE header string...but then how do browsers handle this? I can probably parse the string myself but I don't know how to get around situations such as this: csharp.pastebin.com/f5dcaf847