Chapter 35: ASP Cookies

1. What is a Cookie in Classic ASP?

A cookie is a small piece of text data that the server sends to the browser and the browser sends back with every future request to the same site (or domain).

In Classic ASP, cookies are the simplest way to remember information about a visitor across multiple page requests — because HTTP is stateless (each request is independent).

Typical uses in Classic ASP:

  • “Remember me” login (keep user logged in for days/weeks)
  • Shopping cart contents (before sessions were reliable)
  • Site preferences (dark mode, language, items per page)
  • Visitor counter / last visit date
  • Tracking simple analytics (not very accurate)

Important limits (you must remember these):

  • Max size per cookie: ~4 KB
  • Max cookies per domain: ~50 (older browsers were stricter)
  • Max total cookies per domain: ~300 KB
  • Cookies can be session cookies (deleted when browser closes) or persistent (stay until expiration date)

2. How Cookies Work in Classic ASP – The Two Directions

| Direction | What happens | ASP code example |
|---|---|---|
| Server → Browser (set cookie) | Server tells browser to save a cookie | Response.Cookies("key") = "value" |
| Browser → Server (read cookie) | Browser sends cookie back in next request | Request.Cookies("key") |

3. Basic Example 1 – Set & Read a Simple Cookie

File: cookie_demo.asp

What happens:

  1. First visit → no cookie → sets VisitorName cookie with 30-day expiration
  2. Refresh / next visit → browser sends cookie back → Request.Cookies("VisitorName") has the value
  3. Browser shows “Welcome back, Rahul from Hyderabad!”

Security note: Always pass cookie values through Server.HTMLEncode before displaying them. The visitor can edit any cookie in the browser, so treat the value as untrusted input.

4. Example 2 – Shopping Cart Style (Multiple Values)

Classic ASP cookies could store multiple key-value pairs under one cookie name.

→ Cookies can act like a dictionary: Cookies("MyCart")(key) = value

5. Important Properties You Must Know

| Property | What it does | Example |
|---|---|---|
| .Expires | When cookie should be deleted (date) | Response.Cookies("key").Expires = DateAdd("d", 30, Now()) |
| .Domain | Which domain can read it | .Domain = ".example.com" (subdomains) |
| .Path | Which path on site can read it | .Path = "/shop" |
| .Secure | Only send over HTTPS | .Secure = True |
| HttpOnly | JavaScript cannot read it (anti-XSS) | Not a Response.Cookies property in Classic ASP; append "; HttpOnly" to a Set-Cookie header sent with Response.AddHeader (very important!) |

Modern security habit (even in Classic ASP):

asp
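' Response.Cookies has no HttpOnly property in Classic ASP (assigning it raises a runtime error),
' so send the whole cookie as one Set-Cookie header. token is a placeholder for your own value.
Response.AddHeader "Set-Cookie", "UserToken=" & Server.URLEncode(token) & "; Path=/; Secure; HttpOnly"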
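
The page from Example 1 with the attributes from this section applied, as an added example (not the original cookie_demo.asp listing). It writes the Set-Cookie header with Response.AddHeader because Classic ASP's Response.Cookies object has no HttpOnly property; the IsPlausibleName and SetVisitorCookie helpers, the 64-character limit and the use of Max-Age for the 30-day lifetime are assumptions of this example.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
Response.Buffer = True            ' headers can still be added before the page is flushed

Const COOKIE_NAME = "VisitorName"
Const MAX_AGE_SECONDS = 2592000   ' 30 days (assumption: Max-Age instead of an Expires date)

' The cookie comes back from the browser, so it is untrusted input.
' Accept only a short value made of plain name characters (limits are assumptions).
Function IsPlausibleName(ByVal s)
    Dim re
    IsPlausibleName = False
    If Len(s) = 0 Or Len(s) > 64 Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9 .,'-]+$"
    IsPlausibleName = re.Test(s)
End Function

' Build the header by hand so that HttpOnly can be included.
' Server.URLEncode mirrors the encoding Response.Cookies applies to values.
Sub SetVisitorCookie(ByVal value)
    Dim header
    header = COOKIE_NAME & "=" & Server.URLEncode(value) & _
             "; Max-Age=" & MAX_AGE_SECONDS & "; Path=/; HttpOnly"
    ' Add Secure when the request arrived over HTTPS, so local HTTP testing still works.
    If LCase(Request.ServerVariables("HTTPS")) = "on" Then header = header & "; Secure"
    Response.AddHeader "Set-Cookie", header
End Sub

Dim visitor, message
visitor = Request.Cookies(COOKIE_NAME)   ' empty string when the cookie is absent

If IsPlausibleName(visitor) Then
    ' Encode on output even after validation: defence in depth against injected markup.
    message = "Welcome back, " & Server.HTMLEncode(visitor) & "!"
Else
    ' First visit, or a value that failed validation: overwrite it with a clean cookie.
    SetVisitorCookie "Rahul from Hyderabad"
    message = "Hello, first-time visitor. Your name has been saved for 30 days."
End If
%>
<html><body><p><%= message %></p></body></html>
```

Do not also assign Response.Cookies("VisitorName") on the same response, or the browser receives two Set-Cookie headers for one name.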

6. Teacher Summary – ASP Cookies in Classic ASP

ASP Cookies means:

  • Small text data stored in browser, sent back with every request
  • Set with Response.Cookies("key") = "value"
  • Read with Request.Cookies("key")
  • Can expire (Expires), be secure (Secure), block JS access (HttpOnly), scoped to domain/path
  • Can store multiple values (Cookies("Cart")(itemID) = qty)
  • Always use Server.HTMLEncode when displaying cookie values
  • Never store sensitive data (passwords, credit cards) in cookies — use encrypted tokens at most
  • Used heavily for “remember me” logins, carts, preferences before sessions were reliable

This is how millions of sites remembered users, carts, and settings in the 2000s — and many legacy Indian small-business, internal, and government systems still use exactly this cookie pattern in 2026.
