home | site map | contacts
about us
consulting
client login
support
contacts
  Detecting Blocked Cookies in C# ASP .NET Applications
More Articles by Primary Objects Subscribe to our C# .NET RSS feed

 

Enabling your C# ASP .NET web application to detect if a user has turned off cookies is an important step in designing any successful online software.

At Primary Objects, many of the web applications we create for our clients will be used by hundreds or thousands of users on the Internet. With this many users, there are sure to be some that are using web browsers with cookies completely turned off. Since ASP .NET web applications often rely on cookies to maintain session state features such as login pages and variables, this would create a problem for the user.

 
blocking cookies asp.net C#

A user who accesses your web application, with cookies blocked, may report that they are unable to login to your web site. Upon clicking the login button, nothing will happen. This is because without cookies enabled, session state is unable to be stored. This can create increased technical support issues for your staff. This is why enabling your web application with cookie detection is an important task.

Cookieless Session State

The easiest solution to a user who may be blocking cookies would be to set the web application's web.config file to use cookieless session state.

Cookieless session state means that the session ID variable is passed within the URL of your web application. For example, your URL will become:
http://www.myapplication.com/(sllrueyucbnxxi4345uff3/login.aspx

To configure cookieless session state, you add the following definition to your web.config file in place of the usual tag:

<sessionState cookieless="true" timeout="20" />

While this may seem like a reasonable solution, it is often more work to manipulate session variables, as you have to take into account the URL parameter session ID. The URL itself, also becomes harder for search engines to read. In fact, Google has been known to ignore spidering pages with excessive URL parameters.

A Better Solution

A better solution is to follow in the footsteps of the big web application players, such as Google and Microsoft.

If you try turning off your cookies and visit hotmail.com or google.com/preferences, you will notice they automatically detect that you are blocking cookies. This is the same technique described below to enable your web application with this feature.

Detecting Blocked Cookies in C# ASP.NET

detect blocked cookies asp.net web

Since detecting cookies takes a round-trip to the server and back (one trip to set the cookie, one trip to read the cookie we just set), we want to make this as quick as possible in order to put the least load on the server.

The basic idea to detecting blocked cookies is to first check if a certain parameter is in the URL. If it is not there, we will proceed to set a cookie and refresh the page with a parameter in the URL (to indicate on the next reload to perform the test). When the parameter is seen in the URL, we perform the test by trying to read the cookie. If it exists, cookies are enabled. Otherwise, cookies are blocked.

The following code example shows how to detect blocked cookies in C#. This code would be placed within the first page users will access on your site (usually default.aspx or Global.ascx).

// Cookie detection.
// Is our cookie not yet set and the url parameter empty? If so, lets set the cookie.
if (Session["CookieCheck"] == null && Request.QueryString["c"] == null)
{
    // Set the cookie and redirect so we can try to detect it.
    Session["CookieCheck"] = "1";
    Response.Redirect("default.aspx?c=1", true);

    return;
}
else
{
    // Detect the cookie.
    if (Session["CookieCheck"] == null || Session["CookieCheck"].ToString() != "1")
    {
        // Cookies are disabled
        Response.Redirect("NoCookies.aspx", true);
        return;
    }
}

 

Upon detecting that a user is blocking cookies, the user will be redirected to a NoCookies.aspx page. This page can notify the user in a friendly manner that the web application requires cookies and provide steps to enable them.

In summary, by actively testing for a user blocking cookies, you can help reduce technical support issues, provide a friendlier interface, and ultimately provide a more reliable C# ASP .NET web application to your users.

About the Author

This article was written by Kory Becker, founder and chief developer of Primary Objects, a software and web application development company. You can contact Primary Objects regarding your software development needs at http://www.primaryobjects.com

  Post comment >
        
DateUserComment
4/5/2007CelloJ I was able to accomplish it like this:

Code placed on a BasePage, but can also be added to every page...

protected override void OnLoad(EventArgs e)
      {
         NameValueCollection queryString = new NameValueCollection();

         queryString = Request.QueryString;

         if (Request.ServerVariables["HTTP_COOKIE"] == null)
         {
            Redirect("No Cookie Page URL...");
         }
         base.OnLoad(e);
      }
6/27/2007Zootius CelloJ : Your solution will not work in the case that:

1. The Browser has cookies enabled AND
2. No cookies have yet been sent to the Browser from the Server

This is why you need to do at least one postback.
10/8/2007bacchusPlateau just curious...i've done a lot of research on cookie detection
and from the look of your code, this code if it returns a
negative will sometimes be a false negative in the case where
a user has enabled session cookies but not persistent ones.

if you do not set an expiration date then the cookie is
a session cookie.
Profile
Learn more about Primary Objects and our goals ..  More 		01/24/08
Primary Objects releases Alumni Notes Express - online alumni class notes .. More 		08/10/06
Primary Objects releases PrimaryCMS Content Management System .. More
Home | About Us | Services | Client Login | Job Opportunities | Contact Us
Copyright © Primary Objects 2008