How to store custom data in ASP.NET Membership Cookie

Question

Can anyone give me an example (or point me in the right direction) on how to store custom data in an ASP.NET Membership cookie?

I need to add some custom properties

Answer 1

First of all ASP.Net Membership providers don't write any cookies, Authentication cookies are written by FormsAuthentication.

And secondly, why interfere into authentication cookie at all. You can do this in a seperate cookie altogether. Here's how you can do that.

Writing the keys-values into cookie.

//create a cookie
HttpCookie myCookie = new HttpCookie("myCookie");

//Add key-values in the cookie
myCookie.Values.Add("UserId", "your-UserId");
myCookie.Values.Add("UrlSlug", "your-UrlSlug");

//set cookie expiry date-time, if required. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);

//Most important, write the cookie to client.
Response.Cookies.Add(myCookie);

Reading the keys-values from cookie.

//Assuming user comes back after several hours. several < 12.
//Read the cookie from Request.
HttpCookie myCookie = Request.Cookies["myCookie"];
if (myCookie == null)
{
    //No cookie found or cookie expired.
    //Handle the situation here, Redirect the user or simply return;
}

//ok - cookie is found.
//Gracefully check if the cookie has the key-value as expected.
if (!string.IsNullOrEmpty(myCookie.Values["UserId"]))
{
    string UserId= myCookie.Values["UserId"].ToString();
    //Yes UserId is found. Mission accomplished.
}

if (!string.IsNullOrEmpty(myCookie.Values["UrlSlug"]))
{
    string UrlSlug = myCookie.Values["UrlSlug"].ToString();
    //Yes key2 is found. Mission accomplished.
}

If at all you need to disturb the authentication cookie, though not advisable, This is how you may do it.

Writing the keys-values into cookie.

//create a cookie
HttpCookie myCookie = FormsAuthentication.GetAuthCookie("UserName", true);

//Add key-values in the cookie
myCookie.Values.Add("UserId", "your-UserId");
myCookie.Values.Add("UrlSlug", "your-UrlSlug");

//set cookie expiry date-time, if required. Made it to last for next 12 hours.
myCookie.Expires = DateTime.Now.AddHours(12);

//Most important, write the cookie to client.
Response.Cookies.Add(myCookie);

Reading the keys-values from cookie.

//Assuming user comes back after several hours. several < 12.
//Read the cookie from Request.
HttpCookie myCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (myCookie == null)
{
    //No cookie found or cookie expired.
    //Handle the situation here, Redirect the user or simply return;
}

//ok - cookie is found.
//Gracefully check if the cookie has the key-value as expected.
if (!string.IsNullOrEmpty(myCookie.Values["UserId"]))
{
    string UserId= myCookie.Values["UserId"].ToString();
    //Yes UserId is found. Mission accomplished.
}

if (!string.IsNullOrEmpty(myCookie.Values["UrlSlug"]))
{
    string UrlSlug = myCookie.Values["UrlSlug"].ToString();
    //Yes key2 is found. Mission accomplished.
}