Home/ Questions/Q 8875621
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T19:01:08+00:00

error is: The name ‘Response’ does not exist in the current context when i

  • 0

error is: The name ‘Response’ does not exist in the current context when i try to use Response.Cookies.Add(cookie);

I’m not sure what else should I need to include to get it work.
I making app where user can login and when they login cookie is made so they dont need to login again when they reopen the app .

using MySql.Data.MySqlClient;
using System.Web;




namespace login
{

    public partial class Form1 : Form
    {
        MySqlConnection konekcija;
        string baza = "host=localhost;database=test;user=root;password=";
        MySqlCommand comm;
        MySqlDataReader reader;
        HttpCookie cookie;




        public Form1()
        {
            InitializeComponent();
        }



        private void Form1_Load(object sender, EventArgs e)
        {
            konekcija = new MySqlConnection(baza);
            comm = konekcija.CreateCommand();
            konekcija.Open();


        }



        private void button1_Click(object sender, EventArgs e)
        {

            string user = textBox2.Text.ToString();
            string pass = textBox1.Text.ToString();
            trylogin( user,  pass);

        }

        public void trylogin(string user, string pass)
        {

            if (checkBox1.Checked)
            {
                cookie = new HttpCookie("remember_me");
                cookie["Username"] = textBox2.Text;
                cookie["Expire"] = "365 Days";
                cookie.Expires = DateTime.Now.AddDays(365);
                Response.Cookies.Add(cookie);


            }

            comm.CommandText = "SELECT * FROM korisnici WHERE user='"+user+"' AND pass='"+pass+"'";

            reader = comm.ExecuteReader();
            if (reader.Read() == true)
            {

                reader.Dispose();
            }
            else 
            {
                reader.Dispose();
            }

        }

        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            konekcija.Close();
        }
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Search the web for “remember me in c#”, you’ll find many discussions, i.e.:

    "Remember Me" in ASP.Net

    http://forums.asp.net/t/1303629.aspx

    Anyway, you’re attempting something really insecure with your code, watch out.

    Regardless your “remember me” task, ok, you may want to compose your sql queries “on the fly”, just remember to double your quotes with a replace before sending to sql engine:

    user = user.Replace("'", "''"); //Assuming string values are not null here
password = password .Replace("'", "''");
comm.CommandText = "SELECT * FROM korisnici WHERE user='"+ user +"' AND pass='"+ password +"'";

    I strongly encourage you learn using parameters (i.e. “… and user=@user”): they will give you more security and robustness to your code and doing so you don’t need to use Replaces.

    Another good practice is to extract only needed fields. If anyone gets access to this result someway and you have also put password field in clear text, this will happly shows it out.
    If you don’t “select *”, system maybe still unsecure, but at least you don’t give anything out for free:

    comm.CommandText = "SELECT user_name,login_level,anything_you_really_need FROM korisnici WHERE user=@user AND pass=@pass";
MySqlParameter pUser = new MySqlParameter("@user", user);
MySqlParameter pPass = new MySqlParameter("@pass", password);

comm.SelectCommand.Parameters.Add(pUser);
comm.SelectCommand.Parameters.Add(pPass);
    • 0