1

I would like to detect if a user has cookies turned off and redirect them. Ideally I would like this to work throughout my site so that at any stage if the user turns cookies off they would be redirected to a page of my choice.

Who anyone have a idea of how to achieve this. I was thinking of creating a helper but I'm hoping there might be a neater simpler method of doing this?

Robert Koritnik
  • 97,460
  • 50
  • 267
  • 388
Sparkle
  • 2,289
  • 3
  • 16
  • 20
  • 1
    How do you handle *first* visit to your page when there are definitely no cookies there yet? Do you add a cookie and redirect to the same page again? – Robert Koritnik Sep 21 '11 at 15:48
  • 1
    possible duplicate of [How to detect if cookies are disabled? Is it possible?](http://stackoverflow.com/questions/531393/how-to-detect-if-cookies-are-disabled-is-it-possible) – Chase Florell Sep 21 '11 at 15:52

1 Answers1

0

This is not as simple as it may first seem, because there are several aspects of your application that affect functionality here:

  1. What do you do when user first visits your root URL
  2. What to do when users get a link that is not root URL
  3. Can cookies be periodically checked

Why do you need users to have cookies turned on? Please explain your business process maybe it this can be mitigated differently.

Additional info

You say you're persisting user info using a cookie. This is basically the same as Session stores its Session ID. Inside a cookie. This is also the same as any forms authentication where upon login you store all or part of user information inside a cookie that gets accessed every time user makes a request.

This makes it possible for you to use existing methods to achieve the same goal and not reinvent the wheel.

1. Write a custom HttpModule

Your module should be checking for that extra bit of information that you'd like to pass over each time your users make requests. If that data is not present you can redirect your user even before it gets to the application pipeline.

But invest enough time to think out the whole process with all different possible executions like first access, turned off cookies, turning them off afterwards etc.

2. Use cookies or/and Sessions

By using Sessions you have to make sure that your module executes after session module otherwise session data will always be missing. Using just cookies won't have this issue. But this heavily depends on the amount of data that you wish to preserve. If there's too much of it (and is volatile) you should put some in session and just keep a handle in cookie that will get you to session data.

A completely different cookie-less option

A completely different option is a combination of Asp.net MVC routing and server persistence (Session/Cache/DB whatever).

This is somehow similar to cookie-less sessions, but this time manually done with Asp.net MVC routing. Suppose this routing definition:

routes.MapRoute(
    "Retention"
    "{handle}/{controller}/{action}/{id}",
    new { Controller = "Home", Action = "Index", Id = UrlParameter.Optional },
    new { Handle = "\d+" } // set your own constraint according to your needs
);
routes.MapRoute(
    "Default"
    "{controller}/{action}/{id}",
    new { Controller = "Home", Action = "Index", Id = UrlParameter.Optional }
);

This way you will keep your user persistence data handle in URL which will still work even though user would turn off cookies. To avoid failing sessions along with it you should persist data in some other storage.

Community
  • 1
  • 1
Robert Koritnik
  • 97,460
  • 50
  • 267
  • 388
  • Require a long persistent user login and user info retention for mobile apps. So I'm using cookies to do this. Problem is that when cookies are off I cant offer the same functionality with a session. Thus why I want to force the use of cookies to use my apps. – Sparkle Sep 21 '11 at 16:14
  • Some people *choose* to disable cookies and therefore knowingly agree to the added step of re-logging in. This should **not** make it so that they are unable to use an app... you are limiting your audience by doing so. – Chase Florell Sep 21 '11 at 16:32