Class
WebCookieManager
Description
Used to get and set cookies connected with the app.
You can only get an instance of this object via the WebSession.Cookies property.
Methods
Name |
Parameters |
Returns |
Shared |
|---|---|---|---|
index As Integer |
|||
name As String, value As String, expiration As DateTime = Nil, domain As String = "", path As String = "", secure As Boolean = False, httpOnly As Boolean = False, sameSite As SameSiteStrength = SameSiteStrength.Off |
|||
name As String |
Enumerations
WebCookieManager.SameSiteStrength
SameSiteStrength
Controls when browsers send your cookie with requests.
Enum
Description
Off
The cookie is sent with all requests, including cross-site ones. Browsers require the Secure flag for this setting, which the framework automatically applies.
Lax
The cookie is sent with same-site requests and top-level navigation, but blocked from cross-site embedded requests.
Strict
The cookie is only sent with same-site requests - provides maximum protection but may break legitimate cross-site functionality.
A same-site request comes from the same domain as your application (e.g., if your app is on example.com, requests from example.com or www.example.com). A cross-site request originates from a different domain, such as when your site is embedded in an iframe on thirdparty.com or called via AJAX from anotherdomain.org.
Method descriptions
WebCookieManager.Count
Count As Integer
Returns the number of cookies created by the app.
WebCookieManager.NameAt
NameAt(index As Integer) As String
Returns the name of the cookie at the index passed.
WebCookieManager.Remove
Remove(name As String, domain As String = "", path As String = "") As String
Removes the cookie with the name, domain and path passed.
WebCookieManager.Set
Set(name As String, value As String, expiration As DateTime = Nil, domain As String = "", path As String = "", secure As Boolean = False, httpOnly As Boolean = False, sameSite As SameSiteStrength = SameSiteStrength.Off)
Sets the cookie to the values passed. If sameSite is set to SameSiteStrength.Off, secure will always be True, regardless of what you've entered.
Parameter
Description
name
Name of the cookie to set so you can retrieve the value later with the Value method.
value
A value to store on the user's browser.
expiration
Date after which the cookie will no longer be available.
domain
Limits access to the cookie to the domain specified.
path
Limits access to the cookie to the path specified.
secure
If True, the cookie can only be accessed via secure (https) connections.
httpOnly
If True, the cookie can only be accessed via (https) connections.
sameSite
Defines the context in which the cookies are sent by the browser to the server. The default value None means cookies are sent in all contexts. With Lax, cookies are not sent on normal cross-site subrequests (images or frames to a 3rd party site). With Strict cookies are only sent to your server.
If you don't provide an expiration date, your cookie will expire when the session ends. If you do provide an expiration date, the cookie will expire as late as the provided expiration date because browsers can decide to discard cookies before they expire.
WebCookieManager.Value
Value(name As String) As String
Returns the cookie whose name was passed.
Notes
Session cookies are deleted by the browser when the browser decides that the session has ended.
Compatibility
Project Types |
Web |
Operating Systems |
All |
See also
Object parent class; WebSession.Cookies property.