How to store additional details in your web session cookie

If you're using ASP.NET membership, you're probably aware that one of the things it uses to keep the user logged in can be a cookie. This cookie can also store additional details to help you cut down on the database calls required for simple things like the user's name or email address.

You could write your own extension to handle the cookie creation and management, but you might find it easier to use a third-party library called FormsAuthenticationExtensions.

This extension can be installed using NuGet: Install-Package FormsAuthenticationExtensions

Once installed, you can use it very easily by adding the following code to your application where the user is being logged in:

using System.Collections.Specialized;
using System.Web.Security;
using FormsAuthenticationExtensions;

public bool Login(string userName, string password)
{
    // handle your own logic to check the username and password and log in the user
    // (Membership.ValidateUser is shown here as one way to do it with ASP.NET membership)
    var loggedIn = Membership.ValidateUser(userName, password);

    // if the login is successful, store some additional details into the session ticket
    if (loggedIn)
    {
        // make a database call to get this user's name and email address
        // (GetUserDetails is a placeholder for your own data access code)
        var user = GetUserDetails(userName);

        var ticketData = new NameValueCollection
        {
            { "firstname", user.Firstname },
            { "surname", user.Surname },
            { "email", user.Email }
        };
        new FormsAuthentication().SetAuthCookie(userName, true, ticketData);
    }

    return loggedIn;
}

As you can see, the above code takes the user's name and email address and stores them along with the session cookie.

To read the values from the cookie in your MVC controller you can use something like this:

using System.Web.Security;
using FormsAuthenticationExtensions;

public ActionResult MyContactDetails()
{
    // get the email from cookie
    var ticketData = ((FormsIdentity)User.Identity).Ticket.GetStructuredUserData();
    var emailFromCookie = ticketData["email"];

    return View();
}

Or, if you want to display the cookie details in your Razor view, you can do this:

@using System.Web.Security
@using FormsAuthenticationExtensions
@{
    var ticketData = ((FormsIdentity)User.Identity).Ticket.GetStructuredUserData();
}

email : @ticketData["email"]

Finally, if you need to update any of the details in the cookie (for example, if the user updates their email address), you can simply do something like this:

using System.Collections.Specialized;
using System.Web.Security;
using FormsAuthenticationExtensions;

[HttpPost]
public ActionResult MyContactDetails(ViewModel model)
{
    // check cookie for data
    var ticketData = ((FormsIdentity)User.Identity).Ticket.GetStructuredUserData();

    if (ModelState.IsValid)
    {
        // update some of the cookie information with the new data
        ticketData = new NameValueCollection
        {
            { "firstname", model.Firstname },
            { "surname", model.Surname },
            { "email", model.Email }
        };
        // re-issue the cookie so later requests see the new values
        new FormsAuthentication().SetAuthCookie(model.Email, true, ticketData);

        return RedirectToAction("MyContactDetailsSuccess");
    }

    return View(model);
}

As you can see, it's very easy to use and a great way of storing small data in your app to help cut down on database calls. You need to be a little careful with this and ensure that you only store the bare minimum of information here. Cookies can't be too large, so if you have anything more than 3-5 additional string data types you might want to look at using a Session value instead. You should also avoid storing any complex data types in your cookies.
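
The (FormsIdentity) casts shown earlier throw an InvalidCastException when the request is anonymous or uses another identity type, and nothing in the calls above stops the extra data from growing. One way to guard both, as an added example that is not part of the original post or of FormsAuthenticationExtensions; the TicketDataHelper class, its method names and the 512-byte budget are assumptions:

```csharp
using System.Collections.Specialized;
using System.Security.Principal;
using System.Text;
using System.Web.Security;
using FormsAuthenticationExtensions;

// Hypothetical helper (not part of the library): defensive wrappers around
// the two library calls used in this post.
public static class TicketDataHelper
{
    // Assumed budget for the plain-text extra data. The ticket grows once it
    // is protected and encoded, so keep this well below the browser's limit.
    private const int MaxUserDataBytes = 512;

    // Returns the stored value, or null when the user is anonymous, is not a
    // forms-authenticated identity, or the key is not in the ticket.
    public static string GetTicketValue(this IPrincipal user, string key)
    {
        var identity = user == null ? null : user.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            return null;
        }

        var data = identity.Ticket.GetStructuredUserData();
        return data == null ? null : data[key];
    }

    // Issues the auth cookie only when the extra data fits the budget.
    // Returns false, without setting a cookie, when it does not.
    public static bool TrySetAuthCookie(string userName, bool persistent, NameValueCollection data)
    {
        var size = 0;
        foreach (string key in data.AllKeys)
        {
            size += Encoding.UTF8.GetByteCount(key ?? string.Empty);
            size += Encoding.UTF8.GetByteCount(data[key] ?? string.Empty);
        }

        if (size > MaxUserDataBytes)
        {
            return false;
        }

        new FormsAuthentication().SetAuthCookie(userName, persistent, data);
        return true;
    }
}
```

With this in place a controller can call User.GetTicketValue("email") and fall back to a database lookup when it returns null.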
