Delete cookie by name?
You should define the path on which the cookie exists to ensure that you are deleting the correct cookie.
function set_cookie(name, value) {
document.cookie = name +'='+ value +'; Path=/;';
}
function delete_cookie(name) {
document.cookie = name +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}
If you don't specify the path, the browser will set a cookie relative to the page you are currently on, so if you delete the cookie while on a different page, the other cookie continues its existence.
Edit based on @Evan Morrison's comment.
Be aware that in some cases to identify the correct cookie, the Domain
parameter is required.
Usually it's defined as Domain=.yourdomain.example
.
Placing a dot in front of your domain name means that this cookie may exist on any sub-domain (www
also counts as sub-domain).
Also, as mentioned in @RobertT's answer, HttpOnly
cookies cannot be deleted with JavaScript on the client side.
How to delete cookie
Cookies are keyed by name, so when you "change" the name, you actually "create" a different cookie, already expired.
Keep the name the same and it should work, but don't forget to take some time one day to read about cookies and how they work.
How to delete a cookie from backend upon an error
To delete a cookie, set the Max-Age directive to 0 and unset its value. You must also pass the same other cookie properties you used to set it. Don't set the Max-Age directive value to -1. Otherwise, it will be treated as a session cookie by the browser.
// create a cookie
Cookie cookie = new Cookie("username", null);
cookie.setMaxAge(0);
cookie.setSecure(true);
cookie.setHttpOnly(true);
cookie.setPath("/");
//add cookie to response
response.addCookie(cookie);
For more, refer to the post by Dzone:
https://dzone.com/articles/how-to-use-cookies-in-spring-boot
How to remove a cookie
Cookies are tied to a specific path. You need to make sure that you set the same path during cookie's removal as it was as during cookie's creation. It defaults to the currently requested folder in the URL (and would thus only be available in the same folder or all its subfolders). You'd better explicitly specify the path, otherwise it would be dependent on the currently requested folder in the URL. The cookie path information is like the maxage namely not available in the request cookie header.
Assuming that you created the cookie as follows,
Cookie cookie = new Cookie("CookieForLogin", cookieForLogin);
cookie.setPath("/somePath");
cookie.setMaxAge(maxAgeInSeconds);
// ...
response.addCookie(cookie);
it needs to be removed as follows:
Cookie cookie = new Cookie("CookieForLogin", null);
cookie.setPath("/somePath");
cookie.setMaxAge(0);
// ...
response.addCookie(cookie);
The /somePath
is just exemplary. You can also just use /
, as long as it's the same in both cases.
Note, the same applies to the Secure and HTTP-only flags of the cookie. If you have initially set it to true
during cookie's creation, then you should also set it to true
during cookie's removal, they namely defaults to false
.
That said, I'm not sure how it's useful to store the logged-in user as a cookie. You're basically also allowing the enduser to manipulate its value. Rather just store the logged-in user as a session attribute instead and call session.invalidate()
on logout.
How to delete a cookie if I only know its name's first few characters - with Javascript?
You could just remove the cookie value using:
function removeCookieValue(name) {
document.cookie = name+'="";-1; path=/';
}
removeCookieValue('_ga')
Correct way to delete cookies server-side
Sending the same cookie value with ; expires
appended will not destroy the cookie.
Invalidate the cookie by setting an empty value and include an expires
field as well:
Set-Cookie: token=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Note that you cannot force all browsers to delete a cookie. The client can configure the browser in such a way that the cookie persists, even if it's expired. Setting the value as described above would solve this problem.
How to remove cookie from Sveltekit hook?
Something like this should work:
const response = await resolve(event);
response.headers.set(
'set-cookie',
serialize('cookie name', '', {
expires: Date.now() - 3600
})
)
Can't remove cookie
To remove cookie you have to send it with an expiration date set to now or previous date. Removing it using HttpContext.Request.Cookies.Remove(Constants.User);
just remove it from the collection, but it still exists in a client browser.
For example instead of using Remove
function use:
Response.Cookies[Constants.User].Expires = DateTime.Now.AddDays(-1);
Related Topics
Sending Email With Gmail Smtp With Codeigniter Email Library
Property [Title] Does Not Exist on This Collection Instance
Force Ssl/Https Using .Htaccess and Mod_Rewrite
Increasing the Maximum Post Size
How to Connect to Multiple MySQL Databases on a Single Webpage
How to Convert Date to Timestamp in PHP
How to Send 100,000 Emails Weekly
How to Replace "If" Statement With a Ternary Operator ( : )
What in Layman'S Terms Is a Recursive Function Using PHP
How to Explain Composer'S Error Log
How to Get a Substring Between Two Strings in PHP
Difference Between Require, Include, Require_Once and Include_Once
Parse Xml With Namespace Using Simplexml
In_Array() and Multidimensional Array
Convert PHP Array to JavaScript