48

I have web application in Asp.Net MVC4 and I want to use cookie for user's login and logout. So my actions as follows:

Login Action

    [HttpPost]
    public ActionResult Login(string username, string pass)
    {
        if (ModelState.IsValid)
        {
            var newUser = _userRepository.GetUserByNameAndPassword(username, pass);
            if (newUser != null)
            {
                var json = JsonConvert.SerializeObject(newUser);

                var userCookie = new HttpCookie("user", json);
                userCookie.Expires.AddDays(365);
                HttpContext.Response.Cookies.Add(userCookie);

                return RedirectToActionPermanent("Index");
            }
        }
        return View("UserLog");
    }

LogOut Action

    public ActionResult UserOut()
    {
        if (Request.Cookies["user"] != null)
        {
            var user = new HttpCookie("user")
                {
                    Expires = DateTime.Now.AddDays(-1),
                    Value = null
                };
            Response.Cookies.Add(user);
        }
        return RedirectToActionPermanent("UserLog");
    }

And I use this cookie in _Loyout as follow:

@using EShop.Core
@using Newtonsoft.Json
@{
   var userInCookie = Request.Cookies["user"];
}
...
  @if (userInCookie != null && userInCookie.Value)
  {
        <li><a href="#">Salam</a></li>
        <li><a href="@Url.Action("UserOut", "Home")">Cıxış</a></li>
  }
  else
  {
        <li><a href="@Url.Action("UserLog", "Home")">Giriş</a></li>
  }

But When I click *UserOut* action this action happen first time, but then it doesn't work. I put breakpoint for looking process but it get UserLog action doesn't UserOut. My question is that where I use wrong way of cookie? What is a best way using cookie in Asp.Net Mvc4 for this scenario ?

Improve this question
2
  • Is there a reason you're not using Forms Authentication? Commented Oct 2, 2013 at 3:20
  • How can I use its? I know this, but don't deeply, so I can't use Forms Authentication. I have some special process and I afraid that can't do their with Forms Authentication. Commented Oct 2, 2013 at 3:44

3 Answers 3

Reset to default
71

Try using Response.SetCookie(), because Response.Cookies.Add() can cause multiple cookies to be added, whereas SetCookie will update an existing cookie.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you for reply, but it doesn't work again. please watch this screencast.com/t/eMeFnm6Hq
It is very strange. Why my LogOut Action doesn't handled with break point?! but RedirectToActionParmenently work fine :(
So the issue only occurs if you use RedirectToAction()?
15

We are using Response.SetCookie() for update the old one cookies and Response.Cookies.Add() are use to add the new cookies. Here below code CompanyId is update in old cookie[OldCookieName].

HttpCookie cookie = Request.Cookies["OldCookieName"];//Get the existing cookie by cookie name.
cookie.Values["CompanyID"] = Convert.ToString(CompanyId);
Response.SetCookie(cookie); //SetCookie() is used for update the cookie.
Response.Cookies.Add(cookie); //The Cookie.Add() used for Add the cookie.
Improve this answer

Comments

2 
userCookie.Expires.AddDays(365);

This line of code doesn't do anything. It is the equivalent of:

DateTime temp = userCookie.Expires.AddDays(365); 
//do nothing with temp

You probably want 

userCookie.Expires = DateTime.Now.AddDays(365);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.