How can I delete a specific cookie with the name roundcube_sessauth?
Shouldn't the following:
function del_cookie(name) {
document.cookie = 'roundcube_sessauth' +
'=; expires=Thu, 01-Jan-70 00:00:01 GMT;';
}
And then:
<a href="javascript:del_cookie(name);">KILL</a>
Kill the roundcube_sessauth cookie?
You should define the path on which the cookie exists to ensure that you are deleting the correct cookie.
function set_cookie(name, value) {
document.cookie = name +'='+ value +'; Path=/;';
}
function delete_cookie(name) {
document.cookie = name +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}
If you don't specify the path, the browser will set a cookie relative to the page you are currently on, so if you delete the cookie while on a different page, the other cookie continues its existence.
Edit based on @Evan Morrison's comment.
Be aware that in some cases to identify the correct cookie, the Domain parameter is required.
Usually it's defined as Domain=.yourdomain.example.
Placing a dot in front of your domain name means that this cookie may exist on any sub-domain (www also counts as sub-domain).
Also, as mentioned in @RobertT's answer, HttpOnly cookies cannot be deleted with JavaScript on the client side.
In order to delete a cookie set the expires date to something in the past. A function that does this would be.
var delete_cookie = function(name) {
document.cookie = name + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
};
Then to delete a cookie named roundcube_sessauth just do.
delete_cookie('roundcube_sessauth');
//if passed exMins=0 it will delete as soon as it creates it.
function setCookie(cname, cvalue, exMins) {
var d = new Date();
d.setTime(d.getTime() + (exMins*60*1000));
var expires = "expires="+d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}
setCookie('cookieNameToDelete','',0) // this will delete the cookie.
I'm not really sure if that was the situation with Roundcube version from May '12, but for current one the answer is that you can't delete roundcube_sessauth cookie from JavaScript, as it is marked as HttpOnly. And this means it's not accessible from JS client side code and can be removed only by server side script or by direct user action (via some browser mechanics like integrated debugger or some plugin).
You can try this solution
var d = new Date();
d.setTime(d.getTime());
var expires = "expires="+d.toUTCString();
document.cookie = 'COOKIE_NAME' + "=" + "" + ";domain=domain.example;path=/;" + expires;
function deleteCookieByName(name) {
let newCookie = document.cookie.replace(new RegExp(`${name}=[^ ]*( )?`), '');
document.__defineGetter__("cookie", function() {return newCookie} );
}
In my case I used blow code for different environment.
document.cookie = name +`=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;Domain=.${document.domain.split('.').splice(1).join('.')}`;
for Cookies you can refer this cookie documentation
for setting the cookies with domain in js:
function setCrossSubdomainCookie(cookieName, cookieValue, minutes) {
const assign = `${name}=${escape(value)};`
const d = new Date()
d.setTime(d.getTime() + minutes * 60 * 1000)
const expires = `expires=${d.toUTCString()};`
const path = "path=/;"
const domain = "domain=.domainName.example;"
document.cookie = assign + expires + path + domain
}
For deleting the cookies with domain in js:
export async function deleteCookie(name) {
document.cookie = `${name}=; path=/; domain=.edyst.com; expires=${new Date(
0
).toUTCString()}`
}
Note: we cannot store cookies without expiry time but domain is optional can be excluded and if want to store cookie for long or don't want your cookie to expire then use this while setting the cookie
const expires = "expires=Fri, 31 Dec 9999 23:59:59 GMT"
