0

I am trying to delete a cookie that is set by Magento.

The Cookie set via Magento on the domain is

Name: PHPSESSID
Content: [random string]
Domain: .bgl-...l.co.uk
Path: /
Send For: Any type of connection
Expires: 60 minutes

I have a page in a sub folder bgl-...l.co.uk/hq-admin with a link that links to another page. I also have an onClick function for this to delete the cookie however ti doesn't seem to work.

Current Code:

<a onclick="delete_cookie();" href="http://bgl-...l.co.uk/" target="_blank">Log in</a>
<script>
function delete_cookie() {
  document.cookie = "PHPSESSID=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; domain=bgl-opal.co.uk;";
}
</script>

Currently the page just refreshes and the cookie remains intact. The cookie is unaffected if I run the JS directly in my browser console too.

Ben H
  • 502
  • 1
  • 7
  • 24
  • Maybe when you link to the page it sets the cookie again. – Barmar Jul 14 '17 at 15:25
  • Try putting a `.` in `domain=.bgl-opal.co.uk` to match the actual cookie. – Barmar Jul 14 '17 at 15:26
  • I have tried removing the link and changing the 'a' to be a 'button' instead and it doesn't seem to fire or do anything. – Ben H Jul 14 '17 at 15:27
  • Changed it to document.cookie = "PHPSESSID=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; domain=.bgl-...l.co.uk;"; and it still doesn't do anything – Ben H Jul 14 '17 at 15:28
  • Or just leave out the `path` and `domain` parameters. – Barmar Jul 14 '17 at 15:29
  • What you're doing should work, see https://stackoverflow.com/questions/10593013/delete-cookie-by-name – Barmar Jul 14 '17 at 15:29
  • Can't leave out the parameters as the cookie name is generic and I do not want to impact on other cookies. I only want to remove the one for this domain – Ben H Jul 14 '17 at 15:32
  • Cookie operations only affect the one that's being used for the current page. – Barmar Jul 14 '17 at 15:33
  • Current page or domain? so if a cookie is set by /index.php/customer/account/login I cannot modify this from /hq-admin ? – Ben H Jul 14 '17 at 15:39
  • The only cookie that's visible is the one with the most specific domain and path that includes the current page. If the cookie has path=/, it can be set and deleted from both pages. If that page sets a cookie with path=/index.php/customer/account then it won't be visible at all to /hq-admin, and it can't delete it. – Barmar Jul 14 '17 at 15:47
  • The basic point is that when you delete the cookie, you'll delete whichever cookie is in force for the current page. – Barmar Jul 14 '17 at 15:47
  • Okay so the cookie has a path of / so it should be able to be deleted. I'm now just wondering if this is a firefox issue – Ben H Jul 14 '17 at 15:50
  • What's the chance that one of the most popular browsers has such a serious bug in a common operation like this? – Barmar Jul 14 '17 at 15:52
  • I know, clutching at straws now! Just checking to see if magento sets the cookie has httpOnly – Ben H Jul 14 '17 at 16:08

0 Answers0