Can a userscript delete cookies from a given domain?

Question

Can Greasemonkey delete cookies from a given domain? If so, how?

Answer 1

There are major limitations on what Greasemonkey can delete. Other tools may be better for what you want, see below. But, if all of these conditions are met:

• The cookies you want to delete are on the current page's domain.
• They are not "Secure cookies".
• You loop through the possible paths, including /, a blank path, etc.
• No cookies are set by javascript, after the page loads.
• The thing tracking you really is a "cookie". Many websites use a variety of other techniques, including LSO's, local storage, etc.

THEN, the following code will delete them:

//--- Loop through cookies and delete them.
var cookieList  = document.cookie.split (/;\s*/);

for (var J = cookieList.length - 1;   J >= 0;  --J) {
    var cookieName = cookieList[J].replace (/\s*(\w+)=.+$/, "$1");

    eraseCookie (cookieName);
}

Where eraseCookie() is:
(Note that this eraseCookie gets many more cookies by attempting all possible paths and the most likely sub-domains.)

function eraseCookie (cookieName) {
    //--- ONE-TIME INITS:
    //--- Set possible domains. Omits some rare edge cases.?.
    var domain      = document.domain;
    var domain2     = document.domain.replace (/^www\./, "");
    var domain3     = document.domain.replace (/^(\w+\.)+?(\w+\.\w+)$/, "$2");;

    //--- Get possible paths for the current page:
    var pathNodes   = location.pathname.split ("/").map ( function (pathWord) {
        return '/' + pathWord;
    } );
    var cookPaths   = [""].concat (pathNodes.map ( function (pathNode) {
        if (this.pathStr) {
            this.pathStr += pathNode;
        }
        else {
            this.pathStr = "; path=";
            return (this.pathStr + pathNode);
        }
        return (this.pathStr);
    } ) );

    ( eraseCookie = function (cookieName) {
        //--- For each path, attempt to delete the cookie.
        cookPaths.forEach ( function (pathStr) {
            //--- To delete a cookie, set its expiration date to a past value.
            var diagStr     = cookieName + "=" + pathStr + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
            document.cookie = diagStr;

            document.cookie = cookieName + "=" + pathStr + "; domain=" + domain  + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
            document.cookie = cookieName + "=" + pathStr + "; domain=" + domain2 + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
            document.cookie = cookieName + "=" + pathStr + "; domain=" + domain3 + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
        } );
    } ) (cookieName);
}

Optional function, for information or debug:

function listCookies () {
    var cookieList  = document.cookie.split (/;\s*/);

    for (var J = 0, numCookies = cookieList.length;   J < numCookies;  ++J) {
        console.log ("Cookie ", J, ": ", cookieList[J]);
    }
}

---

Your GM script can also use iFrame tricks to delete cookies on third-party domains, but GM is not the best way to handle cookies, in general.

Don't be fooled by any other claims, Greasemonkey and javascript simply cannot delete a cookie unless all of the conditions, listed at the top of this answer, are met. Note that javascript and Greasemonkey cannot even see all the cookies on a page.

Greasemonkey is not the best tool for this, although it may be adequate for select situations.

Here are some far more powerful solutions:

1. Use Selective Cookie Delete. It keeps the cookies you want and deletes the rest. It does this at the push of a very handy button or automatically when Firefox closes. Both white-lists and black-lists are supported.
2. Use BetterPrivacy for sneakier LSO's.
3. Run CCleaner at least once a week, to exorcise a broad spectrum of tracking and cruft.
4. For powerful, custom, fully-automated cookie removal that does not have the severe limitations that Greasemonkey has, and that runs more often than Selective Cookie Delete, you can write your own browser extension.