Cookie is not deleted

Related searches

I am using the following code to set a cookie in my asp.net mvc(C#) application:

public static void SetValue(string key, string value, DateTime expires)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;

    HttpCookie cookie = new HttpCookie(key, value) { Expires = expires };
    _response.Cookies.Set(cookie);
}

I need to delete the cookies when the user clicks logout. The set cookie is not removing/deleting with Clear/Remove. The code is as below:

public static void Clear()
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;

    _request.Cookies.Clear();
    _response.Cookies.Clear();
}

public static void Remove(string key)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;

    if (_request.Cookies[key] != null)
    {
        _request.Cookies.Remove(key);
    }
    if (_response.Cookies[key] != null)
    {
        _response.Cookies.Remove(key);
    }
}

I have tried both the above functions, but still the cookie exists when i try to check exist.

public static bool Exists(string key)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _request = httpContext.Request;
    _response = httpContext.Response;
    return _request.Cookies[key] != null;
}

What may be problem here? or whats the thing i need to do to remove/delete the cookie?

Clearing the cookies of the response doesn't instruct the browser to clear the cookie, it merely does not send the cookie back to the browser. To instruct the browser to clear the cookie you need to tell it the cookie has expired, e.g.

public static void Clear(string key)
{
    var httpContext = new HttpContextWrapper(HttpContext.Current);
    _response = httpContext.Response;

    HttpCookie cookie = new HttpCookie(key) 
        { 
            Expires = DateTime.Now.AddDays(-1) // or any other time in the past
        };
    _response.Cookies.Set(cookie);
}

cookies will not delete - Google Chrome Community, I have one cookie on the second device and it is linked to a malware call that sends web sites for me to view in the background. Where in Android� View and delete cookies stored on your hard drive Open the Safari browser. Select Safari from the menu bar. In the drop-down menu that appears, select Preferences. Click the Privacy tab. Under Cookies and website data, click the Manage Website Details button. Delete cookies individually by

The Cookies collection in the Request and Response objects aren't proxies for the cookies in the browser, they're a set of what cookies the browser sends you and you send back. If you remove a cookie from the request it's entirely server side, and if you have no cookies in the response you're just not going to send any thing back to the client, which won't change the set of cookies in the browser at all.

To delete a cookie, make sure that it is in the response cookie collection, but has an expiration time in the past.

My Cookies Won't Delete (4 Steps), A cookie is a small file implanted on your computer system by a website after you visit it. Cookies can take up sizable memory over time if they are not deleted. Cookies are removed after the browser is closed, however some cookies still remain. For example: Document Object Model (DOM) storage. The DOM storage is a kind of "super cookie" web developers can use to retain information. Like regular cookies, they are not kept after the window is closed. There are many types of cookies a few of them are listed below:

Just to add something else I also pass the value back as null e.g.

    public static void RemoveCookie(string cookieName)
    {
        if (HttpContext.Current.Response.Cookies[cookieName] != null)
        {
            HttpContext.Current.Response.Cookies[cookieName].Value = null;
            HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddMonths(-1);
        }
    }

Unable to delete cookie via document.cookie from page that is local , But when I use a page loader to load my html/javascript locally, cookies are not deleted properly. Here is my test code: File "run.js": var page =� Evercookies hide user tracking information using loopholes in how a browser communicates with a server, and after normal cookies and caches are deleted, re-creates the cookie and places it back.

The best way to implement this is to use a tool like Reflector and see how the System.Web.Security.FormsAuthentication.SignOut method implements removing the authentication cookie.

In Reflector, open up System.Web and navigate to the FormsAuthentication object and find the SignOut method. Right click on it and select "Disassemble" (Choose your language from the menu).

VB.NET

Public Shared Sub SignOut()

    FormsAuthentication.Initialize

    Dim current As HttpContext = HttpContext.Current
    Dim flag As Boolean = current.CookielessHelper.DoesCookieValueExistInOriginal("F"c)
    current.CookielessHelper.SetCookieValue("F"c, Nothing)

    If (Not CookielessHelperClass.UseCookieless(current, False, FormsAuthentication.CookieMode) OrElse current.Request.Browser.Cookies) Then
        Dim str As String = String.Empty

        If (current.Request.Browser.Item("supportsEmptyStringInCookieValue") = "false") Then
            str = "NoCookie"
        End If

        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, str)

        cookie.HttpOnly = True
        cookie.Path = FormsAuthentication._FormsCookiePath
        cookie.Expires = New DateTime(&H7CF, 10, 12)
        cookie.Secure = FormsAuthentication._RequireSSL

        If (Not FormsAuthentication._CookieDomain Is Nothing) Then
            cookie.Domain = FormsAuthentication._CookieDomain
        End If

        current.Response.Cookies.RemoveCookie(FormsAuthentication.FormsCookieName)
        current.Response.Cookies.Add(cookie)
    End If

    If flag Then
        current.Response.Redirect(FormsAuthentication.GetLoginPage(Nothing), False)
    End If

End Sub

With the above as an example, I was able to create a common method called RemoveCookie() in a shared assembly, code is below:

VB.NET

''' <summary>
''' Method to remove a cookie
''' </summary>
''' <param name="key">Key</param>
''' <remarks></remarks>
Public Shared Sub RemoveCookie(ByVal key As String)

    ' Encode key for retrieval and remove cookie
    With HttpContext.Current
        Dim cookie As New HttpCookie(.Server.UrlEncode(key))

        If Not IsNothing(cookie) Then
            With cookie
                .HttpOnly = True
                .Expires = New DateTime(&H7CF, 10, 12)
            End With

            ' Remove from server (has no effect on client)
            .Response.Cookies.Remove(.Server.UrlEncode(key))
            ' Add expired cookie to client, effectively removing it
            .Response.Cookies.Add(cookie)
        End If

    End With

End Sub

Having tested this using FireBug and the Cookie add-in for FireBug (in FireFox), I can attest that the cookie immediately gets removed.

Any questions, feel free to message me.

$.removeCookie is not deleting cookie in Chrome � Issue #382 , From where are you trying to remove the cookie? You have to be within the same path (or "below") in order to delete such a cookie. Delete cookies every time you close the browser. Open Microsoft Edge and then select Settings and more > Settings > Privacy and services. Under Clear browsing data, select Choose what to clear every time you close the browser. Turn on the Cookies and other site data toggle. View cookies.

After playing around with this for some time and trying all of the other answers here I discovered that none of the answers here are totally correct.

The part that is correct is that you have to send an expired cookie to effect the deletion. The part that nobody else picked up on (but is demonstrated in the Microsoft code posted by Ed DeGagne) is that the cookie options for the deletion must match exactly the cookie options that were used to set the cookie in the first place.

For example if you originally created the cookie with the HttpOnly option then you must also set this option when deleting the cookie. I expect the exact behavior will vary across browsers and probably over time, so the only safe option that will work long-term is to make sure that all of the cookie options in the deletion response match exactly the cookie options used to create the cookie originally.

Deleting a cookie with PHP - PHP, Unsetting the $_COOKIE element doesn't actually delete the cookie, it just So, does that mean that there is no such a thing which will do the� To delete cookies In Internet Explorer, select the Tools button, point to Safety, and then select Delete browsing history.  Select the Cookies and website data check box, and then select Delete Block or allow cookies

cookies not being deleted. Ask Question Asked 9 years, 3 months ago. Active 3 years, 6 months ago. Viewed 9k times 2. 1. I have a basic login system. The basic login

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie () may be used for that. Note: PHPSESSID is the cookie propagating the session ID.

On the General tab, click Delete Cookies in the Temporary Internet Files section of the Internet Properties dialog box. In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK .

Comments
  • This isn't quite enough. Take a look at the code in my response below.
  • @Ed - Your code does exactly the same as mine apart from it has a couple of unnecessary lines such as checking whether a newly instantiated object exists (it does). What do you think this is missing?
  • Yes, the null check is unnecessary. But I found I needed to to both: ' Remove from server (has no effect on client) .Response.Cookies.Remove(key) ' Expire on Client .Response.Cookies.Add(cookie) Otherwise the cookie never actually gets deleted. Judging from Microsoft's code and other samples I have seen, doing both seems to be the way to guarantee that the cookie does indeed get removed.
  • wouldn't you want to do AddYears(-1) to make sure the cookie is expired if the user's clock is off?
  • @GregBeech - Why we need to this line: "_response = httpContext.Response;"
  • Thanks, this is really all that's needed
  • BTW, if you are not UrlEncoding your key and value (you should be), then just remove the .Server.UrlEncode(key) and just replace with key.
  • Lots of code and not much explanation. Could have answered the question better.
  • Is this better than Rippo's 10.5 year old answer? If so, please elaborate.