DEV Community

IronSoftware
IronSoftware

Posted on

Cookies in HTML to PDF Conversion C#

#csharp #dotnet

Converting authenticated web pages to PDF requires passing cookies to maintain session state. Without cookies, your PDF converter gets the login page instead of the protected content.

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();
renderer.RenderingOptions.CustomCookies = new Dictionary<string, string>
{
    { ".AspNetCore.Session", "abc123xyz" },
    { "auth_token", "user-jwt-token-here" }
};

var pdf = renderer.RenderUrlAsPdf("https://myapp.com/dashboard");
pdf.SaveAs("authenticated-page.pdf");
Enter fullscreen mode Exit fullscreen mode

The cookies travel with the request, and the server treats it like a logged-in browser session.

Why Do Cookies Matter for PDF Generation?

When you render a URL to PDF, IronPDF's Chrome engine makes HTTP requests just like a browser. But without cookies:

  • Session-protected pages redirect to login
  • User-specific content shows default/anonymous state
  • CSRF-protected forms fail to render
  • Personalized dashboards show nothing useful

Cookies solve this by carrying authentication tokens, session IDs, and user preferences to the server.

How Do I Pass Custom Cookies?

Use the CustomCookies dictionary:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();

// Add multiple cookies
renderer.RenderingOptions.CustomCookies = new Dictionary<string, string>
{
    { "sessionId", "sess_abc123" },
    { "userId", "12345" },
    { "preferences", "dark-mode" }
};

var pdf = renderer.RenderUrlAsPdf("https://example.com/user/profile");
pdf.SaveAs("user-profile.pdf");
Enter fullscreen mode Exit fullscreen mode

Each key-value pair becomes a cookie sent with every request during rendering.

How Do I Handle ASP.NET Authentication Cookies?

ASP.NET uses specific cookie names. Capture them from an authenticated request:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

// The cookie name depends on your auth setup
// Common names: .AspNetCore.Identity.Application, .AspNetCore.Cookies, ASP.NET_SessionId

var renderer = new ChromePdfRenderer();
renderer.RenderingOptions.CustomCookies = new Dictionary<string, string>
{
    { ".AspNetCore.Identity.Application", GetAuthCookieFromCurrentUser() },
    { "ASP.NET_SessionId", GetSessionId() }
};

var pdf = renderer.RenderUrlAsPdf("https://myapp.com/admin/reports");
Enter fullscreen mode Exit fullscreen mode

The exact cookie name varies by configuration. Check your browser dev tools to find the right one.

How Do I Use Cookies from the Current HTTP Context?

In ASP.NET Core, extract cookies from the current request:

using IronPdf;
using Microsoft.AspNetCore.Http;
// Install via NuGet: Install-Package IronPdf

public class PdfController : Controller
{
    public IActionResult GenerateReport()
    {
        var renderer = new ChromePdfRenderer();

        // Copy cookies from current request
        var cookies = new Dictionary<string, string>();
        foreach (var cookie in Request.Cookies)
        {
            cookies[cookie.Key] = cookie.Value;
        }

        renderer.RenderingOptions.CustomCookies = cookies;

        // Render the same page the user is viewing
        var pdf = renderer.RenderUrlAsPdf($"{Request.Scheme}://{Request.Host}/reports/dashboard");

        return File(pdf.BinaryData, "application/pdf", "report.pdf");
    }
}
Enter fullscreen mode Exit fullscreen mode

This ensures the PDF shows exactly what the logged-in user sees.

What Is Request Context and Why Does It Matter?

IronPDF's RequestContext controls how cookies persist between renders:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();

// Isolated: Fresh context for each render (default)
renderer.RenderingOptions.RequestContext = RequestContexts.Isolated;

// Global: Cookies persist across all renders
renderer.RenderingOptions.RequestContext = RequestContexts.Global;

// Auto: IronPDF decides based on scenario
renderer.RenderingOptions.RequestContext = RequestContexts.Auto;
Enter fullscreen mode Exit fullscreen mode
Mode Behavior Use Case
Isolated Clean slate each time Independent renders, no cross-contamination
Global Cookies carry over Multi-step workflows, login once
Auto IronPDF optimizes General use

How Do I Log In and Then Render?

For sites requiring form-based login:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();

// Use global context so login cookies persist
renderer.RenderingOptions.RequestContext = RequestContexts.Global;

// Set login credentials
var loginCredentials = new ChromeHttpLoginCredentials
{
    LoginFormUrl = "https://example.com/login",
    CustomCookies = new Dictionary<string, string>
    {
        { "remember_me", "true" }
    }
};

// First render hits login, cookies get set
renderer.RenderUrlAsPdf("https://example.com/login");

// Now render protected page with session cookies
var pdf = renderer.RenderUrlAsPdf("https://example.com/protected/dashboard");
pdf.SaveAs("dashboard.pdf");
Enter fullscreen mode Exit fullscreen mode

The global context keeps cookies from the login page for subsequent requests.

How Do I Handle JWT Bearer Tokens?

JWTs often travel in cookies or headers. For cookie-based JWT:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();

// JWT stored in HttpOnly cookie
renderer.RenderingOptions.CustomCookies = new Dictionary<string, string>
{
    { "jwt", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." },
    { "refresh_token", "refresh_abc123" }
};

var pdf = renderer.RenderUrlAsPdf("https://api.example.com/reports/generate");
Enter fullscreen mode Exit fullscreen mode

For header-based JWT, use CustomHttpHeaders instead of cookies.

How Do I Debug Cookie Issues?

When PDFs show login pages instead of content:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();

// Enable detailed logging
renderer.RenderingOptions.EnableJavaScript = true;
renderer.RenderingOptions.WaitFor.RenderDelay = 2000; // Wait for redirects

// Add cookies
renderer.RenderingOptions.CustomCookies = new Dictionary<string, string>
{
    { "debug_cookie", "test_value" }
};

// Check what page actually rendered
var pdf = renderer.RenderUrlAsPdf("https://example.com/protected");

// Extract text to verify content
var text = pdf.ExtractAllText();
Console.WriteLine(text.Substring(0, Math.Min(500, text.Length)));
Enter fullscreen mode Exit fullscreen mode

If you see login page text, your cookies aren't being accepted. Common causes:

  • Wrong cookie name
  • Expired token
  • Missing domain/path attributes
  • HttpOnly cookies that can't be accessed client-side

How Do I Handle Secure and HttpOnly Cookies?

Some cookies have restrictions:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();

// Secure cookies require HTTPS
// Make sure you're rendering HTTPS URLs

// HttpOnly cookies can still be passed to IronPDF
// You just can't read them from JavaScript
renderer.RenderingOptions.CustomCookies = new Dictionary<string, string>
{
    { "secure_session", "value" },  // Works if URL is HTTPS
    { "httponly_auth", "value" }    // Works fine
};

var pdf = renderer.RenderUrlAsPdf("https://secure.example.com/page");
Enter fullscreen mode Exit fullscreen mode

IronPDF handles secure/HttpOnly flags correctly when you provide the values directly.

How Do I Convert Local HTML with Cookie-Dependent Resources?

When your HTML references authenticated external resources:

using IronPdf;
// Install via NuGet: Install-Package IronPdf

var renderer = new ChromePdfRenderer();

// Cookies apply to all HTTP requests during rendering
// Including images, CSS, JS from authenticated endpoints
renderer.RenderingOptions.CustomCookies = new Dictionary<string, string>
{
    { "cdn_auth", "authenticated_cdn_token" }
};

var html = @"
    <html>
    <body>
        <h1>Report</h1>
        <img src='https://cdn.example.com/protected/chart.png' />
        <link rel='stylesheet' href='https://cdn.example.com/protected/styles.css' />
    </body>
    </html>";

var pdf = renderer.RenderHtmlAsPdf(html);
Enter fullscreen mode Exit fullscreen mode

Cookies travel with every request the renderer makes, including embedded resources.

Quick Reference

Task Code
Add single cookie CustomCookies = new Dictionary<string, string> { { "key", "value" } }
Persist cookies RequestContext = RequestContexts.Global
Fresh each time RequestContext = RequestContexts.Isolated
Copy from ASP.NET Loop through Request.Cookies

Cookies make authenticated PDF generation possible. Pass the right session tokens, and protected pages render just like they do in the browser.

For more details on authentication scenarios, see the IronPDF cookies documentation.

Written by Jacob Mellor, CTO at Iron Software. Jacob created IronPDF and leads a team of 50+ engineers building .NET document processing libraries.

Top comments (0)