Django logout(redirect to home page) .. Delete cookie?

Question

I redirect the user to the home page after logout. In between I would like to delete all/or specific client cookies (I have previously set).

def logoutuser(request):
    logout(request)
    return redirect('app.home.views.home')

To call response.delete_cookie('user_location'), there is no response object. How do I do this?

score 30 · Accepted Answer · edited Nov 29 '21 at 21:58

30

Like jobscry said, logout() cleans session data, but it looks like you have set your own cookies too.

You could wrap auth logout view, which will return a HttpResponse:

def logout_user(request):
     response = logout(request, next_page=reverse('app.home.views.home'))
     response.delete_cookie('user_location')
     return response

Or if you're just using the logout method as opposed to the view, you can use the return value for the redirect() method you have (which I assume returns a HttpResponse too).

def logout_user(request):
     logout(request)
     response = redirect('app.home.views.home')
     response.delete_cookie('user_location')
     return response

edited Nov 29 '21 at 21:58

ggorlen

44,755
7
76
106

answered Aug 14 '09 at 01:33

SmileyChris

10,578
4
40
33

5

**N.B.** _"Due to the way cookies work, `path` and `domain` should be the same values you used in `set_cookie()` -- otherwise the cookie may not be deleted."_ https://docs.djangoproject.com/en/1.3/ref/request-response/#django.http.HttpResponse.delete_cookie – Matt Ball Sep 01 '12 at 05:06
Thank you @MattBall. This must be the case with any language, framework, library, etc.. – muffs Jun 19 '14 at 23:02
I don't seem to have `next_page` as an argument in the logout function `from django.contrib.auth import logout` in django 1.10 – Akshay Hazari Aug 19 '17 at 09:32

score 1 · Answer 2 · answered Aug 14 '09 at 00:26

1

according to http://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth.logout

Changed in Django 1.0: Calling logout() now cleans session data.

answered Aug 14 '09 at 00:26

imjoevasquez

14,021
6
31
22

7

Seems to delete the session data, but not client cookie. I am using Django 1.1 – Ramya Aug 14 '09 at 13:03

score 1 · Answer 3 · edited Nov 29 '21 at 21:56

Hope this helps: delete cookie when caling "/clear-cookies"

location.href = '/clear-cookies';

Define a method in views.py:

def clear_cookies(request):
    response = HttpResponseRedirect('/')
    response.delete_cookie('_gat', domain='example.com')
    response.delete_cookie('_ga', domain='example.com')
    response.delete_cookie('_gid', domain='example.com')
    return response

Add the path and method to your urls.py:
```
url(r'^clear-cookies', clear_cookies),
```

score 0 · Answer 4 · answered Aug 10 '22 at 20:34

This is slightly tangential, but maybe helpful to others in a similar situation.

If you are setting cookies that need to be deleted when the user logs out, maybe you shouldn't be using cookies in the first place. For that use case, it's much better to use session data instead. Like:

request.session['myKey'] = myValue

retrievedValue = request.session.get('myKey')

From the docs: "The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies".

Using session data is more secure and more performant than setting cookies, because the data stays on the server side.

The only use case where I would recommend setting your own cookies is if you need to store information that persists beyond a session (say you want to store preferences across sessions for a visitor who does not sign in).

Django logout(redirect to home page) .. Delete cookie?

4 Answers4

Linked