Remove a cookie

Question

When I want to remove a Cookie I try

unset($_COOKIE['hello']);

I see in my cookie browser from firefox that the cookie still exists. How can I really remove the cookie?

Answer 1

You May Try this

if (isset($_COOKIE['remember_user'])) {
    unset($_COOKIE['remember_user']); 
    setcookie('remember_user', '', -1, '/'); 
    return true;
} else {
    return false;
}

Answer 2

Set the value to "" and the expiry date to yesterday (or any date in the past)

setcookie("hello", "", time()-3600);

Then the cookie will expire the next time the page loads.

Answer 3

A clean way to delete a cookie is to clear both of $_COOKIE value and browser cookie file :

if (isset($_COOKIE['key'])) {
    unset($_COOKIE['key']);
    setcookie('key', '', time() - 3600, '/'); // empty value and old timestamp
}

Answer 4

To reliably delete a cookie it's not enough to set it to expire anytime in the past, as computed by your PHP server. This is because client computers can and often do have times which differ from that of your server.

The best practice is to overwrite the current cookie with a blank cookie which expires one second after the epoch (1 January 1970 00:00:00 UTC), as so:

setcookie('hello', '', 1);

Answer 5

That will unset the cookie in your code, but since the $_COOKIE variable is refreshed on each request, it'll just come back on the next page request.

To actually get rid of the cookie, set the expiration date in the past:

// set the expiration date to one hour ago
setcookie("hello", "", time()-3600);

Answer 6

I had the same problem in my code and found that it was a cookie path issue. Check out this stack overflow post: Can't delete php set cookie

I had set the cookie using a path value of "/", but didn't have any path value when I tried to clear it, so it didn't clear. So here is an example of what worked:

Setting the cookie:

$cookiePath = "/";
$cookieExpire = time()+(60*60*24);//one day -> seconds*minutes*hours
setcookie("CookieName",$cookieValue,$cookieExpire,$cookiePath);

Clearing the cookie:

setcookie("cookieName","", time()-3600, $cookiePath);
unset ($_COOKIE['cookieName']);

Hope that helps.

Answer 7

This is how PHP v7 setcookie() code works when you do:

<?php
    setcookie('user_id','');
    setcookie('session','');
?>

From the output of tcpdump while sniffing on the port 80, the server sends to the client (Browser) the following HTTP headers:

Set-Cookie: user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Set-Cookie: session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0

Observing packets in the following requests the Browser no longer sends these cookies in the headers

Answer 8

Just set the value of cookie to false in order to unset it:

setcookie('cookiename', false);

Answer 9

If you set the cookie to expire in the past, the browser will remove it. See setcookie() delete example at php.net

Answer 10

If you want to delete the cookie completely from all your current domain then the following code will definitely help you.

unset($_COOKIE['hello']);
setcookie("hello", "", time() - 300,"/");

This code will delete the cookie variable completely from all your domain i.e; " / " - it denotes that cookie variable's value all set for all domain not just for current domain or path. time() - 300 denotes that it sets to a previous time so it will expire.

Thats how it's perfectly deleted.

Answer 11

See the sample labelled "Example #2 setcookie() delete example" from the PHP docs. To clear a cookie from the browser, you need to tell the browser that the cookie has expired... the browser will then remove it. unset as you've used it just removes the 'hello' cookie from the COOKIE array.

Answer 12

To delete cookie you just need to set the value to NULL:

"If you've set a cookie with nondefault values for an expiration time, path, or domain, you must provide those same values again when you delete the cookie for the cookie to be deleted properly." Quote from "Learning PHP5" book.

So this code should work(works for me):

Setting the cookie: setcookie('foo', 'bar', time() + 60 * 5);

Deleting the cookie: setcookie('foo', '', time() + 60 * 5);

But i noticed that everybody is setting the expiry date to past, is that necessary, and why?

Answer 13

I know that there has been a long time since this topic has been created but I saw a little mistake within this solution (I can call it like that, because it's a detail). I agree that the better solution is probably this solution:

if (isset($_COOKIE['remember_user'])) {
            unset($_COOKIE['Hello']);
            unset($_COOKIE['HelloTest1']);
            setcookie('Hello', null, -1, '/');
            setcookie('HelloTest1', null, -1, '/');
            return true;
        } else {
            return false;
        }

But, in the present case, you delete the cookies in every case where the unset function works and immediately you create new expired cookies in case that the unset function doesn't work.

That means that even if the unset function works, it will still have 2 cookies on the computer. The asked goal, in a logical point of view, is to delete the cookies if it is possible and if it really isn't, make it expire; to get "the cleanest" result.

So, I think we better should do:

if (isset($_COOKIE['remember_user'])) {
            setcookie('Hello', null, -1, '/');
            setcookie('HelloTest1', null, -1, '/');
            unset($_COOKIE['Hello']);
            unset($_COOKIE['HelloTest1']);
            return true;
        } else {
            return false;
        }

Thanks and have a nice day :)

Answer 14

To remove all cookies you could write:

foreach ($_COOKIE as $key => $value) {
    unset($value);
    setcookie($key, '', time() - 3600);
}

Answer 15

Just set the expiration date to one hour ago, if you want to "remove" the cookie, like this:

setcookie ("TestCookie", "", time() - 3600);

or

setcookie ("TestCookie", "", time() - 3600, "/~rasmus/", "example.com", 1);

Source: http://www.php.net/manual/en/function.setcookie.php

You should use the filter_input() function for all globals which a visitor can enter/manipulate, like this:

$visitors_ip = filter_input(INPUT_COOKIE, 'id');

You can read more about it here: http://www.php.net/manual/en/function.filter-input.php and here: http://www.w3schools.com/php/func_filter_input.asp

Answer 16

$cookie_name = "my cookie";
$cookie_value = "my value";
$cookie_new_value = "my new value";

// Create a cookie,
setcookie($cookie_name, $cookie_value , time() + (86400 * 30), "/"); //86400 = 24 hours in seconds

// Get value in a cookie,
$cookie_value = $_COOKIE[$cookie_name];

// Update a cookie,
setcookie($cookie_name, $cookie_new_value , time() + (86400 * 30), "/");

// Delete a cookie,
setcookie($cookie_name, '' , time() - 3600, "/"); //  time() - 3600 means, set the cookie expiration date to the past hour.

Answer 17

It's simple!

setcookie("cookiename", "cookievalue", 1);

Answer 18

I found that in Chrome it's impossible to unset a cookie unless you define the last three parameters in the cookie... The domain, that it's secure and http only...

if (isset($_COOKIE['user_id'])) {
unset($_COOKIE['user_id']); 
setcookie("user_id", "", time() - 3600, "/", 'yourdomain.com',true,true);
header('Location: /');
} else {
/* other code here */
}

This is how I made it work for me. Read the documentation: All about cookies in the official PHP Site

Answer 19

You can simply use this customize function:

function unset_cookie($cookie_name) {
    if (isset($_COOKIE[$cookie_name])) {
        unset($_COOKIE[$cookie_name]);
        setcookie($cookie_name, null, -1);
    } else { return false; }
}

If you want to remove $_COOKIE['user_account'].
Just use:

unset_cookie('user_account');

Answer 20

When you enter 0 for time, you mean "now" (+0s from now is actually now) for the browser and it deletes the cookie.

setcookie("key", NULL, 0, "/");

I checked it in chrome browser that gives me:

Name: key
Content: Deleted
Created: Sunday, November 18, 2018 at 2:33:14 PM
Expires: Sunday, November 18, 2018 at 2:33:14 PM

Answer 21

You could set a session variable based on cookie values

session_start();

if(isset($_COOKIE['loggedin']) && ($_COOKIE['loggedin'] == "true") ){
$_SESSION['loggedin'] = "true";
}

echo ($_SESSION['loggedin'] == "true" ? "You are logged in" : "Please Login to continue");

Answer 22

I,m used this in php and it worked fine.

function cookie_unset()
{
    setcookie("cookie_name", "", time() - 3600, '/');
    unset ($_COOKIE['cookie_name']);
    //done
}

Answer 23

You can use unset or setcookie

unset($_COOKIE['MYCOOKIE']);
//
setcookie('MYCOOKIE', '', -1, '/');

I prefer to check with isset and than unset or setcookie

if(isset($_COOKIE['MYCOOKIE'])) { unset($_COOKIE['MYCOOKIE']); }
//
if(isset($_COOKIE['MYCOOKIE'])) { setcookie('MYCOOKIE', '', -1, '/'); }

this seems to work too, but don't use it in my opinion

setcookie('MYCOOKIE', '', -1, '/') ?? '';

!isset($_COOKIE['MYCOOKIE']) ?: setcookie('MYCOOKIE', '', -1, '/');

Answer 24

You have to delete cookies with php in your server and also with js for your browser.. (They has made with php, but cookie files are in the browser client too):

An example:

if ($_GET['action'] == 'exit'){
            // delete cookies with js and then in server with php:
            echo '
            <script type="text/javascript">
                var delete_cookie = function(name) {
                     document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:01 GMT;";
                };
                delete_cookie("madw");
                delete_cookie("usdw");
            </script>
            ';
unset($_COOKIE['cookie_name']);
unset($_COOKIE['cookie_time']);

Answer 25

Most of you are forgetting that this will only work on a local machine. On a domain you will need a pattern like this example.

setcookie("example_cookie", 'password', time()-3600, "/", $_SERVER['SERVER_NAME']);