Remove a Cookie

Delete cookie by name?

You should define the path on which the cookie exists to ensure that you are deleting the correct cookie.

function set_cookie(name, value) {
  document.cookie = name +'='+ value +'; Path=/;';
}
function delete_cookie(name) {
  document.cookie = name +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}

If you don't specify the path, the browser will set a cookie relative to the page you are currently on, so if you delete the cookie while on a different page, the other cookie continues its existence.

Edit based on @Evan Morrison's comment.
Be aware that in some cases to identify the correct cookie, the Domain parameter is required.
Usually it's defined as Domain=.yourdomain.example.
Placing a dot in front of your domain name means that this cookie may exist on any sub-domain (www also counts as sub-domain).

Also, as mentioned in @RobertT's answer, HttpOnly cookies cannot be deleted with JavaScript on the client side.

How to delete cookie

Cookies are keyed by name, so when you "change" the name, you actually "create" a different cookie, already expired.

Keep the name the same and it should work, but don't forget to take some time one day to read about cookies and how they work.

How to delete a cookie from backend upon an error

To delete a cookie, set the Max-Age directive to 0 and unset its value. You must also pass the same other cookie properties you used to set it. Don't set the Max-Age directive value to -1. Otherwise, it will be treated as a session cookie by the browser.

// create a cookie
Cookie cookie = new Cookie("username", null);
cookie.setMaxAge(0);
cookie.setSecure(true);
cookie.setHttpOnly(true);
cookie.setPath("/");

//add cookie to response
response.addCookie(cookie);

For more, refer to the post by Dzone:
https://dzone.com/articles/how-to-use-cookies-in-spring-boot

How to remove a cookie

Cookies are tied to a specific path. You need to make sure that you set the same path during cookie's removal as it was as during cookie's creation. It defaults to the currently requested folder in the URL (and would thus only be available in the same folder or all its subfolders). You'd better explicitly specify the path, otherwise it would be dependent on the currently requested folder in the URL. The cookie path information is like the maxage namely not available in the request cookie header.

Assuming that you created the cookie as follows,

Cookie cookie = new Cookie("CookieForLogin", cookieForLogin);
cookie.setPath("/somePath");
cookie.setMaxAge(maxAgeInSeconds);
// ...
response.addCookie(cookie);

it needs to be removed as follows:

Cookie cookie = new Cookie("CookieForLogin", null);
cookie.setPath("/somePath");
cookie.setMaxAge(0);
// ...
response.addCookie(cookie);

The /somePath is just exemplary. You can also just use /, as long as it's the same in both cases.

Note, the same applies to the Secure and HTTP-only flags of the cookie. If you have initially set it to true during cookie's creation, then you should also set it to true during cookie's removal, they namely defaults to false.

That said, I'm not sure how it's useful to store the logged-in user as a cookie. You're basically also allowing the enduser to manipulate its value. Rather just store the logged-in user as a session attribute instead and call session.invalidate() on logout.

How to delete a cookie if I only know its name's first few characters - with Javascript?

You could just remove the cookie value using:

function removeCookieValue(name) {
    document.cookie = name+'="";-1; path=/';
}

removeCookieValue('_ga')

Correct way to delete cookies server-side

Sending the same cookie value with ; expires appended will not destroy the cookie.

Invalidate the cookie by setting an empty value and include an expires field as well:

Set-Cookie: token=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT

Note that you cannot force all browsers to delete a cookie. The client can configure the browser in such a way that the cookie persists, even if it's expired. Setting the value as described above would solve this problem.

How to remove cookie from Sveltekit hook?

Something like this should work:

const response = await resolve(event);

response.headers.set(
  'set-cookie',
  serialize('cookie name', '', {
    expires: Date.now() - 3600
  })
)

Can't remove cookie

To remove cookie you have to send it with an expiration date set to now or previous date. Removing it using HttpContext.Request.Cookies.Remove(Constants.User); just remove it from the collection, but it still exists in a client browser.

For example instead of using Remove function use:

    Response.Cookies[Constants.User].Expires = DateTime.Now.AddDays(-1);

Related Topics

Sending Email With Gmail Smtp With Codeigniter Email Library

Property [Title] Does Not Exist on This Collection Instance

Force Ssl/Https Using .Htaccess and Mod_Rewrite

Increasing the Maximum Post Size

How to Connect to Multiple MySQL Databases on a Single Webpage

How to Convert Date to Timestamp in PHP

How to Send 100,000 Emails Weekly

How to Replace "If" Statement With a Ternary Operator ( : )

What in Layman'S Terms Is a Recursive Function Using PHP

How to Explain Composer'S Error Log

How to Get a Substring Between Two Strings in PHP

Curly Braces in String in PHP

Difference Between Require, Include, Require_Once and Include_Once

Parse Xml With Namespace Using Simplexml

In_Array() and Multidimensional Array

Convert PHP Array to JavaScript

How to Get Body of a Post in PHP

How to Properly Set Up a Pdo Connection


Leave a reply



Submit