1. To check if a cookie exists, see if Request.Cookies[CookieName] is null. DON'T CHECK Response.Cookies in this way just to see if a cookie exists! Doing this, if the cookie does not exist
- An empty "browser-session" cookie with name of CookieName is created in the Response.Cookies collection.
- The cookie created above is copied to the Request.Cookies collection! This is clearly bonkers.
2. To send a new cookie to the user's browser, use Response.Cookies.Add().
- If you want a "permanent" cookie, set Expires to DateTime.Now.AddYears(30)
- If you want a "browser-session" cookie, set Expires to DateTime.MinValue
3. To change aspects of an existing cookie received from the user's browser, copy it from Request.Cookies to Response.Cookies and make your amendments. YOU HAVE TO RESET THE Expires PROPERTY as it will have arrived set to DateTime.MinValue in the Request.Cookies collection, regardless of its actual expiry date on the user's browser.
4. To remove an existing cookie from the user's browser, there is ONLY ONE RELIABLE WAY TO DO IT. Copy it from Request.Cookies to Response.Cookies and set the Expires property to DateTime.Now.AddYears(-30)
GOD HOW IRRITATING. I'm sure Cookies weren't this much bother in PHP. Thanks to Paul Riley for his useful article: http://www.codeproject.com/aspnet/AspNetCookies.asp