0

I try to delete this cookie: enter image description here

First of all a bit of background. This is a token for verification on different sites within the same domain. I make the central login page. This page is working fine, except the log out. Every other cookie, I want to delete, gets deleted by JQuery cookie $.removeCookie('cookieName'). And I know, I can't delete this from the JavaScript, because of the secure-flag.

So I tried deleting it from a controller method. I call this method via ajax from JavaScript.

$.ajax({ur:'/Login/ExpireToken'})

I can see that it works in the Chrome Console Network Tab.

 public void ExpireToken()
 {
      Response.Cookies.Remove("crowd.token_key");
 }

But this, I don't know why, makes a new cookie, with the same name, empty value, the whole domain of the login page and no flags set.

So I tested, if the backend can find the cookie I want.

 public string ExpireToken()
 {
        return Response.Cookies["crowd.token_key"].Value;
 }

It returns the correct value and doesn't create a new/false one.

After this I tried to set the expires field to one day in the past or to now. I don't know, why this should work, because the expiration date of this cookie is already in the past.

public void ExpireToken()
{
   Response.Cookies["crowd.token_key"].Expires = DateTime.Now.AddDays(-1d);
}

And guess what, it doesn't work. It does literally nothing.

Other ways that don't work

if (Request.Cookies["crowd.token_key"] != null)
{
     var c = new HttpCookie("crowd.token_key");
     c.Expires = DateTime.Now.AddDays(-1);
     Response.Cookies.Add(c);
}
Sivic
  • 71
  • 7
  • Possible duplicate of [How do I manually delete a cookie in asp.net MVC 4](https://stackoverflow.com/questions/20219068/how-do-i-manually-delete-a-cookie-in-asp-net-mvc-4) – nilsK Sep 13 '18 at 07:44
  • Didnt check for duplicates before answering, just checked the duplicate and my answer is similar quality, although I like more my doc link (is more detailed and has more usefull info). Should I delete my answer 'cause of being duplicated? – Cleptus Sep 13 '18 at 07:51
  • this is no duplicate, as it seems. It doesn't solve my problem – Sivic Sep 13 '18 at 07:54
  • I think the problem is that you try to reset the cookie in an Ajax call. Ajax just calls a page with the cookie logic, but does nothing more with the ajax result. Try redirecting instead an Ajax call. – Cleptus Sep 13 '18 at 08:03

1 Answers1

0

As per the doc, you are doing things right in your las attemp, the one setting the expiration date to yesterday. Quote:

The technique is to create a new cookie with the same name as the cookie to be deleted, but to set the cookie's expiration to a date earlier than today. When the browser checks the cookie's expiration, the browser will discard the now-outdated cookie

I would put a breakpoint and debug to check cookie names, if everything is fine, perhaps the web browser is missbehaving.

HttpCookie aCookie;
string cookieName;
int limit = Request.Cookies.Count;
for (int i=0; i<limit; i++)
{
    cookieName = Request.Cookies[i].Name;
    aCookie = new HttpCookie(cookieName);
    aCookie.Expires = DateTime.Now.AddDays(-1);
    Response.Cookies.Add(aCookie);
}
Cleptus
  • 3,446
  • 4
  • 28
  • 34