Home/ Questions/Q 6825031
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T21:58:23+00:00

In ASP.net 2.0 Response.Cookies.Add() is a VOID (which boggles me somewhat). Is there a

  • 0

In ASP.net 2.0 Response.Cookies.Add() is a VOID (which boggles me somewhat). Is there a way to check to see if the function successfully added the cookie?

I just spent 2 hours trying to track down an authentication issue for one user. Finally I realized he was in a BUNCH of AD groups and I believe the cookie we were building for him, and trying to set, was > 4096 bytes.

Would be nice to know up front if the call to Response.Cookies.Add() failed.

We were trapping the error later in the global.asax page when we did:

 HttpCookie authCookie = Context.Request.Cookies[cookieName];

and authCookie for this user was always null.

Thanks for the responses.

I’ve decide to check the size before calling Response.Cookies.Add() and alert the user accordingly.

int iSize = System.Text.UTF8Encoding.UTF8.GetByteCount(authCookie.Values.ToString());
                if (iSize > 4096)
                {
                    lblMessage.Text = "The authentication cookie cannot be set as it is > 4096 bytes; a limit imposed by the browser.  The current size of the Cookie.Values is " + iSize.ToString() + " bytes.";
                    lblMessage.CssClass = "msgBox Alert";
                    return;
                }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I setup a simple project that write a random cookie value, and used Fiddler to examine the response:

    GET http://localhost.:2605/Default.aspx HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: localhost.:2605
Pragma: no-cache
Cookie: ASP.NET_SessionId=wxpo32z2zxr1qlbwgx4on3z2; test1047139665=value775124204

    You can see the cookie in the Cookie section of the header above. This is consistent with the documentation at: http://msdn.microsoft.com/en-us/library/system.web.httpresponse.cookies.aspx

    The size limitation is documented here:

    http://support.microsoft.com/kb/306070

    Looks like you’ll have to check yourself before writing it.

    • 0