Menu
How do you remove a cookie in a Java servlet? cookie. setMaxAge(0);
Use the setcookie() Function to Delete Cookies in PHP We can use the isset() function to check if the cookie has been set before deleting the cookie. For example, use the $_COOKI[$cookie_name] variable in the isset() function to check if the above created cookie exist. In the if block, use the setcookie() function.
The MaxAge of -1 signals that you want the cookie to persist for the duration of the session. You want to set MaxAge to 0 instead.
From the API documentation:
A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted.
In my environment, following code works. Although looks redundant at first glance, cookies[i].setValue(""); and cookies[i].setPath("/"); are necessary to clear the cookie properly.
private void eraseCookie(HttpServletRequest req, HttpServletResponse resp) {
Cookie[] cookies = req.getCookies();
if (cookies != null)
for (Cookie cookie : cookies) {
cookie.setValue("");
cookie.setPath("/");
cookie.setMaxAge(0);
resp.addCookie(cookie);
}
}
Keep in mind that a cookie is actually defined by the tuple of it's name, path, and domain. If any one of those three is different, or there is more than one cookie of the same name, but defined with paths/domains that may still be visible for the URL in question, you'll still see that cookie passed on the request. E.g. if the url is "http://foo.bar.com/baz/index.html", you'll see any cookies defined on bar.com or foo.bar.com, or with a path of "/" or "/baz".
Thus, what you have looks like it should work, as long as there's only one cookie defined in the client, with the name "SSO_COOKIE_NAME", domain "SSO_DOMAIN", and path "/". If there are any cookies with different path or domain, you'll still see the cookie sent to the client.
To debug this, go into Firefox's preferences -> Security tab, and search for all cookies with the SSO_COOKIE_NAME. Click on each to see the domain and path. I'm betting you'll find one in there that's not quite what you're expecting.
Cookie[] cookies = request.getCookies();
if(cookies!=null)
for (int i = 0; i < cookies.length; i++) {
cookies[i].setMaxAge(0);
}
did that not worked? This removes all cookies if response is send back.
This is code that I have effectively used before, passing "/" as the strPath parameter.
public static Cookie eraseCookie(String strCookieName, String strPath) {
Cookie cookie = new Cookie(strCookieName, "");
cookie.setMaxAge(0);
cookie.setPath(strPath);
return cookie;
}
The proper way to remove a cookie is to set the max age to 0 and add the cookie back to the HttpServletResponse object.
Most people don't realize or forget to add the cookie back onto the response object. By doing that it will expire and remove the cookie immediately.
...retrieve cookie from HttpServletRequest
cookie.setMaxAge(0);
response.addCookie(cookie);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With