Cookies

This document describes how to work with cookies.

Overview

DotNetBrowser delegates the work with cookies to the Chromium engine. Chromium decides how to download cookies from a web server, extract them from the HTTP headers and store them in a local file system (persistent cookies) or in the memory (session cookies).

The ICookieStore interface allows you to get, modify, and remove cookies. The Cookie class provides information on a particular cookie.

Supported protocols

DotNetBrowser supports cookies that are sent using the following protocols:

  • HTTP
  • HTTPS
  • WS (WebSocket)
  • WSS (Secured WebSocket)

If a cookie is sent using a protocol that is not on the list, for example, ftp://, it will not be stored in the cookie storage.

Working with cookies

DotNetBrowser supports the following kinds of cookies:

  • Persistent cookies — stored in the Chromium user data directory. If you delete the Chromium user data directory, all the persistent cookies will be removed as well.
  • Session cookies — stored in the application memory, and will be removed automatically when the application is terminated.
  • Secure cookies — can only be transmitted over an encrypted connection which is HTTPS. This makes the cookie less likely to be exposed to cookie theft using eavesdropping.
  • HttpOnly cookies — cannot be accessed by the client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft using the cross-site scripting (XSS). However, the cookie remains vulnerable to cross-site tracing (XST) and cross-site request forgery (XSRF) attacks.

When you modify cookies, use the ICookieStore.Flush() method to save the changes in the cookie store.

Getting cookies

To get all cookies, use the GetAllCookies() method:

engine.CookieStore.GetAllCookies().Result.ToList().ForEach(cookie =>
    Console.WriteLine("cookie = " + cookie));

To get all cookies by a URL, use the GetAllCookies() method with a string parameter:

engine.CookieStore.GetAllCookies("https://www.google.com").Result.ToList().ForEach(cookie =>
    Console.WriteLine("cookie = " + cookie));

Creating cookies

Persistent

To create a persistent cookie, use the code sample below:

Cookie cookie = new Cookie.Builder
{
    Name = "name",
    Value = "value",
    DomainName = ".google.com",
    ExpirationTime = expirationTime,
    Path = "/"
}.Build();

bool success = engine.CookieStore.SetCookie("http://www.google.com",cookie).Result;
engine.CookieStore.Flush();

The code sample above creates a persistent cookie for the http://www.google.com URL. The success variable will be true if the cookie is created and added to the cookie storage successfully.

Session

To create a session cookie, use the code sample below:

Cookie cookie = new Cookie.Builder
{
    Name = "name",
    Value = "value",
    DomainName = ".google.com",
    Path = "/"
}.Build();

bool success = engine.CookieStore.SetCookie("http://www.google.com",cookie).Result;
engine.CookieStore.Flush();

Deleting cookies

To delete all cookies, use the DeleteAllCookies() method:

int numberOfDeletedCookies = engine.CookieStore.DeleteAllCookies().Result;
engine.CookieStore.Flush();

To delete one cookie, use the Delete(Cookie) method. The code sample below deletes all cookies one by one obtaining the result of the operation:

engine.CookieStore.GetAllCookies().Result.ToList().ForEach(c => 
    engine.CookieStore.Delete(c).Wait());
engine.CookieStore.Flush();

Suppressing cookies

You can control all incoming and outgoing cookies using the CanSetCookieHandler and CanGetCookiesHandler handlers of the Network.

To suppress the incoming cookies, use the code sample below:

network.CanSetCookieHandler = new Handler<CanSetCookieParameters, CanSetCookieResponse>(p =>
    CanSetCookieResponse.Deny());

To suppress the outgoing cookies, use the code sample below:

network.CanGetCookiesHandler = 
    new Handler<CanGetCookiesParameters, CanGetCookiesResponse>(p =>
    {
        return CanGetCookiesResponse.Deny());
    }

Encryption

DotNetBrowser supports the cookie encryption by default. It uses the Chromium cookies encryption routines, so the cookies are stored the same way as in Chromium.

On Windows, DotNetBrowser uses only DPAPI to encrypt cookies. There are no alternatives at the moment.

Go Top