Why can't I delete this cookie?!

Question

Okay, here is the 411 - I have the following event handler in my Global.asax.cs file:

private void Global_PostRequestHandlerExecute(object sender, EventArgs e)
{
   if (/* logic that determines that this is an ajax call */)
   {
      // we want to set a cookie
      Response.Cookies.Add(new HttpCookie("MyCookie", "true"));
   }
}

That handler will run during Ajax requests (as a result of the Ajax framework I am using), as well as at other times - the condition of the if statement filters out non-Ajax events, and works just fine (it isn't relevant here, so I didn't include it for brevity's sake).

It suffices us to say that this works just fine - the cookie is set, I am able to read it on the client, and all is well up to that point.

Now for the part that drives me nuts.

Here is the JavaScript function I am using to delete the cookie:

function deleteCookie(name) {
   var cookieDate = new Date();
   cookieDate.setTime(cookieDate.getTime() - 1);
   document.cookie = (name + "=; expires=" + cookieDate.toGMTString());
}

So, of course, at some point after the cookie is set, I delete it like so:

deleteCookie("MyCookie");

Only, that doesn't do the job; the cookie still exists. So, anyone know why?

Answer 1

Have you tried to use ";expires=Thu, 01-Jan-1970 00:00:01 GMT" ?

Answer 2

Weird.. The code you pasted is almost verbatim to this: http://www.quirksmode.org/js/cookies.html which works fine..

I know you are using Ajax, but have you tried quickly knocking it to server side code to see if that works? This may help in figuring if it is a problem with the JS or something else (e.g mystery file locking on the cookie)?

Update

Just had a quick Google, looks like there may be issues with browser settings as well. I don't think your problem is the code here, it's more likely to be something else. I would suggest try the above as PoC and we can move from there. :)

Answer 3

I posted a js cookie util a week or so ago on my blog. This has worked for me on all "A Grade" browsers.

var CookieUtil = {
  createCookie:function(name,value,days) {
    if (days) {
        var date = new Date();
        date.setTime(date.getTime()+(days*24*60*60*1000));
        var expires = "; expires="+date.toGMTString();
    }
    else var expires = "";
    document.cookie = name+"="+value+expires+"; path=/";
  },
  readCookie:function(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for(var i=0;i < ca.length;i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1,c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
    }
    return null;
  },
  eraseCookie:function(name) {
    createCookie(name,"",-1);
  }
};

Answer 4

• Have you checked the client-side and server-side cookie domains and paths to ensure they're the same?
• Is one cookie secure and the other not?
• Other than that, I would suspect server/client clock sync issues, as Erlend suggests.

Answer 5

Are we sure there's no code that sets the Cookie to HttpOnly (we're not missing anything above)? The HttpOnly property will stop (modern) browsers from modifying the cookie. I'd be interested to see if you can kill it server side like Rob suggests.

Answer 6

I assume you are calling this javascript on the browser side. Which browser are you using, how are you viewing the cookie to confirm it is still there?

Answer 7

you have to delete your cookie at the same path where you created it. so create your cookie with path=/ and delte it with path=/ as well..

Answer 8

Also if a cookie domain was specified during the creation, I've found that you must also specify the cookie domain while trying to delete (expire) it.

Answer 9

see your related topic here

http://java.pakcarid.com/Cpp.aspx?sub=385&ff=3053&topid=40&sls=25

Answer 10

code cannot delete cookies!