cookie not deleting

Question

I am using the following code to set a cookie in my asp.net mvc(C#) application:

    public static void SetValue(string key, string value, DateTime expires)
    {
        var httpContext = new HttpContextWrapper(HttpContext.Current);
        _request = httpContext.Request;
        _response = httpContext.Response;

        HttpCookie cookie = new HttpCookie(key, value) { Expires = expires };
        _response.Cookies.Set(cookie);
    }

I need to delete the cookies when the user clicks logout. The set cookie is not removing/deleting with Clear/Remove. The code is as below:

    public static void Clear()
    {
        var httpContext = new HttpContextWrapper(HttpContext.Current);
        _request = httpContext.Request;
        _response = httpContext.Response;

        _request.Cookies.Clear();
        _response.Cookies.Clear();
    }

    public static void Remove(string key)
    {
        var httpContext = new HttpContextWrapper(HttpContext.Current);
        _request = httpContext.Request;
        _response = httpContext.Response;

        if (_request.Cookies[key] != null)
        {
            _request.Cookies.Remove(key);
        }
        if (_response.Cookies[key] != null)
        {
            _response.Cookies.Remove(key);
        }
    }

I have tried both the above functions, but still the cookie exists when i try to check exist.

    public static bool Exists(string key)
    {
        var httpContext = new HttpContextWrapper(HttpContext.Current);
        _request = httpContext.Request;
        _response = httpContext.Response;
        return _request.Cookies[key] != null;
    }

What may be problem here? or whats the thing i need to do to remove/delete the cookie?

Answer 1

Clearing the cookies of the response doesn't instruct the browser to clear the cookie, it merely does not send the cookie back to the browser. To instruct the browser to clear the cookie you need to tell it the cookie has expired, e.g.

public static void Clear(string key)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _response = httpContext.Response;

    HttpCookie cookie = new HttpCookie(key) 
        { 
            Expires = DateTime.Now.AddDays(-1) // or any other time in the past
        };
    _response.Cookies.Set(cookie);
}

Answer 2

The Cookies collection in the Request and Response objects aren't proxies for the cookies in the browser, they're a set of what cookies the browser sends you and you send back. If you remove a cookie from the request it's entirely server side, and if you have no cookies in the response you're just not going to send any thing back to the client, which won't change the set of cookies in the browser at all.

To delete a cookie, make sure that it is in the response cookie collection, but has an expiration time in the past.

Answer 3

Just to add something else I also pass the value back as null e.g.

 public static void RemoveCookie(string cookieName)
 {
  if (HttpContext.Current.Response.Cookies[cookieName] != null)
  {
   HttpContext.Current.Response.Cookies[cookieName].Value = null;
   HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddMonths(-1);
  }
 }