41

Possible Duplicate:
Delete cookie on clicking sign out

I want to delete cookies when the user logout.

Here is my code:

 if (HttpContext.Current.Request.Cookies["currentUser"] != null)
 {
     DeleteCookie(HttpContext.Current.Request.Cookies["currentUser"]);
 }


       public void DeleteCookie(HttpCookie httpCookie)
        {
            try
            {
                httpCookie.Value = null;
                httpCookie.Expires = DateTime.Now.AddMinutes(-20);
                HttpContext.Current.Request.Cookies.Add(httpCookie);
            }
            catch (Exception ex)
            {
                throw (ex);
            }
        }

But it doesn't work. Do you have any suggestion?

Community
  • 1
  • 1
cagin
  • 5,772
  • 14
  • 74
  • 130
  • I believe that you shouldn't clear the `Value`. AFAIK, that's how the cookie is identified. – Andre Calil Aug 24 '12 at 20:56
  • Note that deleting the cookie is only a secondary cleanup. The important part is invalidating the value of the cookie on the server side. – CodesInChaos Aug 24 '12 at 21:15

4 Answers4

79
 HttpCookie currentUserCookie = HttpContext.Current.Request.Cookies["currentUser"];
 HttpContext.Current.Response.Cookies.Remove("currentUser");
 currentUserCookie.Expires = DateTime.Now.AddDays(-10);
 currentUserCookie.Value = null;
 HttpContext.Current.Response.SetCookie(currentUserCookie);

It works.

cagin
  • 5,772
  • 14
  • 74
  • 130
  • 12
    I know this is an old answer, but for newcomers, I don't think removing the cookie first does anything useful, since it is set again later anyhow. – James Wilkins Jun 16 '17 at 04:12
  • 1
    I can confirm what @JamesWilkins said. The ```Remove``` is not needed since the cookie is overwritten. – Luca Ritossa Apr 16 '19 at 10:43
  • 2
    According to this https://learn.microsoft.com/en-us/dotnet/api/system.web.httpresponse.setcookie?view=netframework-4.8 you should use HttpContext.Current.Response.Set instead of HttpContext.Current.Response.SetCookie not sure about the difference though. – Janspeed May 13 '19 at 08:30
  • 1
    I found that I needed to have the Remove line - otherwise I had a lot of expired cookies of the same name lingering around, and when it came time to read the value, one of the old "expired" incarnations was being read – MikeDev Aug 11 '20 at 15:30
20

Instead of adding the cookie, you should change the Response's cookies Expires to a value in the past:

if (Request.Cookies["currentUser"] != null)
{
    Response.Cookies["currentUser"].Expires = DateTime.Now.AddDays(-1);   
}

Sidenote: Instead of throw ex you should just throw it to keep its stacktrace. C#: Throwing Custom Exception Best Practices

xr280xr
  • 12,621
  • 7
  • 81
  • 125
Tim Schmelter
  • 450,073
  • 74
  • 686
  • 939
  • 1
    Why catch the exception anyway if nothing is done with it? – Dykam Aug 24 '12 at 21:04
  • I tried but it doesn't work. Still I can see the user name after logout. httpCookie.Expires = DateTime.Now.AddDays(-1); – cagin Aug 24 '12 at 21:07
  • @Dykam: You can decide later to log it or do whatever you want. I often add a `TODO: implement logging` there in the first version. On this way you have at least added the try/catch to remember that this might cause an exception. – Tim Schmelter Aug 24 '12 at 21:13
  • What if I want to delete a cookie, then create an other cookie with the same name? Will the Expires act on my new created cookie? – serge Jan 29 '16 at 14:12
0

Add the cookie (with past expiration) to the HttpContext.Current.Response.Cookies collection instead. Request is for reading the cookies the server was sent - response is for sending cookies back to the client.

medkg15
  • 1,565
  • 15
  • 13
-1

Maybe you can make use of Response.Cookies.Clear() or Response.Cookies.Remove().

S..
  • 1,242
  • 8
  • 29
  • 49
  • 1
    Sorry...i did a quick search and found this http://msdn.microsoft.com/en-us/library/ms178195.aspx May be this might be useful to u. – S.. Aug 24 '12 at 21:08
  • As you can see in my question, I already set the cookie's expiration time to past. But the same result. – cagin Aug 24 '12 at 21:10