ASP.NET: How to set HttpCookie expiration time while it remains a session cookie?

Question

It seems from msdn(comment at the page bottom), if you set the Expires property of a HttpCookie, it becomes a persistent cookie stored in the temp internet files folder. What to do if I want it to remain a session cookie (which means when you close the browser, it's gone), but still want to set the expiration time, say to 30 minutes? When you use the ASP.NET Membership API, you can set the expiration of a session cookie(the authentication cookie) in web.config, so it means there must be a way to set session cookie's expiration time.

Answer 1

You could perhaps add another cookie (also a session cookie) which contains a DateTime that tells your application how long the first cookie is valid. Then everytime your application reads the first cookie it would also check the new cookie to see if it's still valid.

I think this is more or less how the membership is doing it. Although in that case there is just one cookie, but that cookie contains several fields (pieces of information).

Answer 2

Taking into account your requirement I'd say that unless you have a very strong reason to use cookies you should be using the Session object.

If you're not storing a "big" amount of information on this cookie and / or the number of users is not expected to be considerable this seems to be the best option.

Answer 3

Have you tried something like this:

this.Response.Cookies["d"].Expires = DateTime.Now.AddMinutes(30);