Request.Browser.Cookies == true 有用吗？

关于判断客户端cookie使用状况，很多教程都在讲用如下代码：

if (Request.Browser.Cookies == true)

{

if (Request.Cookies["LastVisited1"] == null)

{

HttpCookie newCookie = new HttpCookie("LastVisited1",DateTime.Now.ToString());

newCookie.Expires = DateTime.Now.AddYears(1);

Response.Cookies.Add(newCookie);

this.txtName.Text = "Is this your first time?";

} else {

this.txtName.Text = "We haven't seen you since " +

 Request.Cookies["LastVisited1"].Value;

}  }
看起来好像可以解决很多问题。
可是这种做法真的有用吗？至少在我看来达不到我的使用要求。 我做了很多试验，都不成功。可能是我比较笨，这个例子被大家广为传抄，我就是做不成功。看起来不管我怎么设置IE，Request.Browser.Cookies它总是为真。问题在哪里?
在网上找到了这么个说法：
I should have learned by now there are three things you can’t trust to tell you whole story: Politicians, Ad men and the MSDN library. Today I had a case in point. If you go read the entry for the Cookies property of Request.Browser, you might be lead to think that this will tell you if the User Agent currently using your Web Form has cookies enabled. Turns out that this isn’t the case, but understanding why takes a bit of understanding of what’s going on under the cover.

Classic ASP supports a facility known as Browser Capacity. ASP.NET supports similar functionality within the HttpBrowserCapabilities class. In the normal ASP.NET context, that means that current Request object will have an instance of that populated for you to use as the Request.Browser object.

The HttpBrowserCapabilities class is essentially a hash collection articulated with a number of properties. When ASP.NET starts processing a page request, it starts populating this hash with by parsing the User Agent String (if any) sent along with the request. ASP.NET then uses this information to perform look-ups against a collection of static XML files that describe the abilities of browsers. ASP.NET then populates the properties of the Request.Browser class.

In this case, that’s a problem. Why? Unlike we expected, this doesn’t tell us what the User Agent at the other end of the conversation is actually configured to do, rather, it tells us what it should be capable of doing.

If the paranoid user decides to disable Cookies, ASP.NET doesn’t detect that. It just goes off what the configuration files tells it the browser should be able to do. Why? In reading various RFCs, it doesn’t appear that there is a way for the User Agent to transmit that it will accept or reject cookies in the Request header.

So even though you can likely rely on the HttpBrowserCapabilities class to tell you if certain browser features should be available, the only way to know of sure is to actually test for it. In the case of Cookies that’s fairly easy, you’ll just need a couple of extra web pages: one that tries to set a Cookie and one that tries to read that same cookie. Here’s same sample C# code for doing that:

Setting a test Cookie

System.Web.HttpCookie cookie;

// Create a new cookie with the SessionID, then add it to the cookies going back with the response.
cookie = new System.Web.HttpCookie("TestCookie",Session.SessionID);
cookie.Expires = System.DateTime.Now.AddSeconds(10);
Response.Cookies.Add(cookie);
Response.Redirect("cookietestpage2.aspx",true);

Reading and acting on a test Cookie

HttpCookie cookie;

// Try to avoid cached responses by immediately expiring the page
Response.Expires = 0;
Response.Cache.SetCacheability(HttpCacheability.NoCache);

// Fetch the test cookie if you can
cookie = Request.Cookies["TestCookie"];
if ((cookie != null)&&(cookie.Value == Session.SessionID))
{
        // what you'd do if Cookies are supported
}
else
{
        // what you'd do if Cookies aren't supported
}

Of course, users this paranoid may also decide to disable JavaScript and ASP.NET probably won’t be able to detect that either. You can use a slightly more elaborate version of what we had above to test that. One the first page, write a bit of client-side JavaScript to create either create a custom URL to navigate that makes use of a Request.QueryString parameters, or you can set use a bit of JavaScript to set the value of a hidden form field. Just make sure that any such fields aren’t set to run at the server side.

The HttpBrowserCapabilities class does expose a number of other properties we might be interested in such as if Frames are supported of if ActiveX controls are supported. All of these features will have the same detection limitation as well. Similar detection tricks could be used to determine many of these.

这么一堆，就是说 HttpBrowserCapabilities 这个类，只能说明客户浏览器支不支持cookie，但是却不可以说明用户有没有禁用cookie，娘的，不支持cookie的浏览器还真少。
如此看来，要判断是否能使用Cookie，还就是只能用这么个老土的办法。郁闷啊。  我水平有限，以上理解可能不对，希望大家帮忙找到一个更好的解决方案。 我在做SSO，本来涉及页面转跳就比较多使用cookie的情况比较多，这样为了判断能否使用cookie，凭添几次转跳，不好。
另外，有些时候还真不能想当然，否则会误人子弟。