asp cookie vs javascript cookie

what is the dif开发者_如何转开发ference between asp cookie and javascript cookie. by asp cookie i mean cookie created using response.cookie & which one is better ?

There isn't a difference in the underlying "cookie" itself, only the approach to setting/reading it. Both are, in fact, a client-side cookie sent to and from the browser in the request/response headers.

The difference is that the cookie can be manipulated on the client in javascript (e.g. using document.cookie) or on the server from within ASP.NET (e.g. using Request.Cookies and Response.Cookies).

In fact, you could mix both ASP.NET and Javascript cookie manipulation on the same cookie if you really wanted to.

[BTW - I assume you were referring to ASP.NET. ALthough you only say ASP in your question text, the question is tagged as ASP.NET]

There is one very tiny difference. This is the time - asp uses the server time and javascript uses the from the visitor's PC. So there is one performance effect, if the server time isn't correct. Example: server time is 10:00 (5 min late from real time), visitor PC is with the correct time 10:05. In this case the cookie should probably live 5 minutes less. ( I didnt't invent the argument, only the example, origin "php power programing" )

Other than that there is one significant difference in the setting of the cookie - only server-side programming language can set a httponly cookie ^{wikipedia owasp} - cookie inaccessibly by the client-side scripting ( JScrip/JavaScript etc ). Which makes it a little less vulnerable to XSS ^wikipedia.

Theoretically better use "asp cookie".

Cookies are controlled by two HTTP protocol headers - Cookie and Set-Cookie. Cookie header is used in HTTP requests and Set-Cookie header is used in HTTP resonses. Response.Cookie represents Set-Cookie header while in javascript you mainly control internal collection of cookies collection which (collection) is used for Cookie header population for the following HTTP requests.

I have found a tiny difference between the two. in a site I manipulate cookies via asp (classic asp) set them for example for making the user know which are the items that he viewed, or to save a list of "send me more information about this" so the user while is browsing save to the cookies the items he wants to have info on.

btw, when I invoke the function to send the email i want to delete the cookie, but if I set the cookie with JavaScript AND then I make an alert of document.cookies i have something like this:

sendme=; ASPESSIONID........=........;viewed=N01;lastvied=NA002;sendme=NA%202322...

and this is strange, also because, making any reference to that cookie later, I’ll take always the first one, it seems that JavaScript sees the asp cookies as 1 cookie, while asp can see the JavaScript one without problems... anyone has the same thing?