0

Per http://php.net/manual/en/function.setcookie.php, they provide the following example to delete a cookie:

setcookie ("TestCookie", "", time() - 3600);

Selected answer to Remove a cookie recommends the following:

setcookie('Hello', null, -1, '/');

Should it be time()-3600, -1, or something else?

On a side note, is a value of null or "" preferred?

Community
  • 1
  • 1
user1032531
  • 24,767
  • 68
  • 217
  • 387
  • 2
    Any time before the current time works. – Barmar Dec 19 '14 at 17:59
  • Value doesn't matter, setting previous date as @Barmar said will remove the cookie. – Rahil Wazir Dec 19 '14 at 18:00
  • it has to be a previous time PER THE CLIENT. if the client's clock is way off, then you'd still be setting a time in THEIR future, e.g. continuing the cookie. Best choice is to set `time = 1`, which 'd be 1970. If a user's clock is that far out, too bad for them. – Marc B Dec 19 '14 at 18:02
  • @Barmar My experience told me the same, but I didn't know whether browsers did so because it was required by the specifications governing browsers, or just because it is the common thing to do. – user1032531 Dec 19 '14 at 18:04
  • Did you try reading the [documentation](http://php.net/manual/en/function.setcookie.php)? _When deleting a cookie you should assure that the expiration date is in the past, to trigger the removal mechanism in your browser._ – Barmar Dec 19 '14 at 18:09
  • 1
    @Barmar Yes, I read the documentation. It is just that I saw many different implementations which presumably were all doing the same thing, and didn't know whether one was better than the other. – user1032531 Dec 19 '14 at 18:11

2 Answers2

0

Try this

if (isset($_COOKIE['TestCookie'])) 
{
    // removing the cookie
    unset($_COOKIE['TestCookie']);

    // resetting the cookie
    setcookie('TestCookie', null, -1, '/');

    return true;
} else {
    return false;
}
ehime
  • 8,025
  • 14
  • 51
  • 110
  • That was the recommended answer to the post I referenced. Note that it had 7 downvotes, however, reasons were not given. Why `-1` and not `1`? Also, why do you recommend setting value of `null` instead of `""`? – user1032531 Dec 19 '14 at 18:06
  • 1
    Why do you do everything twice? – Barmar Dec 19 '14 at 18:06
  • @Barmar typos unfortunetly – ehime Dec 19 '14 at 18:07
  • @user1032531 you are giving it a negative time value at that point – ehime Dec 19 '14 at 18:09
  • How do we know that all browsers will understand negative time? – user1032531 Dec 19 '14 at 18:38
  • @user1032531 all modern browsers will understand this, please see http://stackoverflow.com/questions/9772673/curl-cookie-negative-cookie-expire – ehime Dec 19 '14 at 18:45
  • Also http://stackoverflow.com/questions/15932957/difference-between-0-and-negative-value-for-setmaxage-for-cookie – ehime Dec 19 '14 at 18:48
  • Please note that, at least in 2018, there was someone reporting that Chrome didn't understand an expiration of -1 in a comment to the accepted answer here (which has the same code as this one): https://stackoverflow.com/questions/686155/remove-a-cookie. I don't know if it has been fixed since. Also, in the 2nd most voted answer, someone comments about IE barking at negative values, but that's not modern (at least to 99.75% of the people). Lastly, some claim the 3rd answer is the best. – DystD Mar 03 '23 at 01:03
  • Either way, as Nelson's answer implies, an expiration of 1 means 1 second after 00:00:00 1970-01-01, so 1 is as much in the past as -1, so why not go the safe way? (To anyone reading this, I'd also take a look at the other question) – DystD Mar 03 '23 at 01:07
0

Since cookie expiration time will be checked against clients clock, the best option is:

setcookie('Hello', null, 1, '/');

Then you can make sure it will expire instantly.

Except if the clock is 00:00:00 1970-01-01 :P

Nelson Galdeman Graziano
  • 552
  • 4
  • 16
  • Why `1` and not `0`? Also, why `null` and not `""`? – user1032531 Dec 19 '14 at 18:08
  • @NelsonGaldemanGraziano It does matter, as 1 and 0 are times, the difference between 0 and 1 is the life of the cookie, aka one second. As well with Null and Empty string, empty string is a nullable value, but is not identical to null: http://php.net/manual/en/language.operators.comparison.php – ehime Dec 19 '14 at 18:24
  • In this context, 1 or 0 it's the same, because it will always compare it with +1000000000 – Nelson Galdeman Graziano Dec 22 '14 at 02:34
  • Unless I misunderstood what you meant, the value shouldn't be 0 to expire it. It may be easy to miss since it's in a comment in one of the last answers, but it's also mentioned here https://stackoverflow.com/questions/686155/remove-a-cookie. According to php.net manual, "If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes)." – DystD Mar 03 '23 at 01:12