1

I want to create a JSP that deletes all cookies that apply to the current page (so, if the reset page resides on site is www.dev.example.com it would get all cookies: www.dev.example.com, .dev.example.com, .example.com) and, server-side, remove them all.

What would the code for this be?

artlung
  • 33,305
  • 16
  • 69
  • 121

3 Answers3

0

Reference to RFC 2109, you just need to use the Set-Cookie header in your HTTP response, and set the cookie you want to be cleared to a blank value.Such as

Set-Cookie: ssid=

Update: I am not familiar with JSP, so I use PHP and Javascript for example, assume that you don't have HttpOnly property in your cookies.

I use this PHP code to set cookie, you can upload this PHP script to your web server, www.yourserver.com/setcookie.php

<?php
setcookie('name', 'li');
?>

And I use this HTML file to clear your cookies, once again, upload this HTML file to your web server, www.yourserver.com/clearcookie.html

<script>
function deleteAllCookies() {
    var cookies = document.cookie.split(";");

    for (var i = 0; i < cookies.length; i++) {
        var cookie = cookies[i];
        var eqPos = cookie.indexOf("=");
        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
    }
}

deleteAllCookies();
</script>
Community
  • 1
  • 1
alwaysday1
  • 1,683
  • 5
  • 20
  • 36
  • Right, so I need to first read all the currently set cookies first, then for each one use the Set-Cookie header. And do I need to set a domain for each as well? So what's that function look like? Is there something that does this as a library - iterate over current cookies and unset? – artlung Apr 19 '12 at 01:28
0

If you dont want to delete than another alternative is store them as persistant cookie

set MaxAge = -1

The MaxAge of -1 signals that you want the cookie to persist for the duration of the session. You want to set MaxAge to 0 instead.

    A negative value means that the cookie is not stored persistently and 
will be deleted when the Web browser exits. A zero value causes the cookie
to be deleted.

Another is

Iterate all cookies in servlet/Scriptlet and set all Cookies Value NULL .

also one is 

use javascript code to remove all cookies.
Yogesh Prajapati
  • 4,770
  • 2
  • 36
  • 77
0

Use following Code.

<body>

<%

    if(request.getParameter("removeCookie") != null){           
        for(Cookie cookie : request.getCookies()){

            if(!cookie.getName().equals("JSESSIONID")){
                cookie.setMaxAge(0);
                cookie.setValue("");
                cookie.setPath("/");

                response.addCookie(cookie);
            }
        }
    }

%>
<form action="#" method="get">

<input type="submit" id="removeCookie" name="removeCookie" value="Remove cookie" >
</form>


</body>
Jonatan H.
  • 57
  • 1
  • 1
  • 9
Yogesh Prajapati
  • 4,770
  • 2
  • 36
  • 77
  • 1
    As you answered yourself in your other answer (why are you posting another answer instead of editing the initial one?), the max age of -1 is wrong. – BalusC Apr 20 '12 at 13:39
  • because this is another answer , in question he ask about do this and in comment he ask for code so... – Yogesh Prajapati Apr 20 '12 at 17:32