I've got a web system where users log in, and it stores a cookie of their session. When they log in as someone else or log out I want to remove that original cookie that I stored. What's the best way to do that? I'm using Python and Apache, though I suppose the answer will remain the same for most languages.
+4
A:
I guess the best way is to set the expiration to a date of the cookie to some date in the past.
Matthias
2008-10-14 07:28:51
+6
A:
Set the cookie again, as if you hadn't set it the first time, but specify an expiration date that is in the past.
Richard Turner
2008-10-14 07:35:43
+1
A:
Return the header
Set-Cookie: token=opaque; Domain=.your.domain; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
The Domain and Path must match the original attributes that the cookie was issued under.
Dave Cheney
2008-10-14 07:38:45