7

I'm using the Python Facebook API on Google App Engine (webapp). I want to set the user's cookie to expire when the user logs out of the application. This cookie is being set by the JavaScript Facebook API.

Here is the Facebook API function showing how the Facebook API accesses the Facebook cookie:

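import cgi
import hashlib
import time

def get_user_from_cookie(cookies, app_id, app_secret):
    # The session cookie is named "fbs_<app_id>".
    cookie = cookies.get("fbs_" + app_id, "")
    if not cookie: return None
    args = dict((k, v[-1]) for k, v in cgi.parse_qs(cookie.strip('"')).items())
    # Recompute the signature over the sorted key=value pairs, excluding "sig".
    payload = "".join(k + "=" + args[k] for k in sorted(args.keys())
                      if k != "sig")
    sig = hashlib.md5(payload + app_secret).hexdigest()
    expires = int(args["expires"])
    # Accept the cookie only if the signature matches and it has not expired.
    if sig == args.get("sig") and (expires == 0 or time.time() < expires):
        return args
    else:
        return None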

I'm able to invoke this function by doing:

import logging

import facebook
from google.appengine.ext import webapp

class WelcomePage(webapp.RequestHandler):
    def getFacebookCookie(self):
        cookie = facebook.get_user_from_cookie(
                              self.request.cookies, app_id, app_secret)
        access_token = cookie["access_token"]
        logging.debug("The access token is %s" % access_token)

Now how can I delete/set the user's cookie to expire?

Any help is much appreciated. Thanks in advance.

Cuga

1 Answer

5

Update: This method will work if you're the one who set the cookie... but I overlooked the part where you clearly said it's Facebook's cookie you want to remove. In that case, the answer to this question appears to be exactly what you need: Facebook Oauth Logout

If it's a cookie you set in the first place, you should be able to just set the cookie to expire a really long time ago in your response header (see the Wikipedia article).

self.response.headers.add_header("Set-Cookie", "access_token=deleted; Expires=Thu, 01-Jan-1970 00:00:00 GMT")

Make sure to set the domain and path to the same as the original cookie or it probably won't work.

Community
Aaron
  • Thanks, I'll try this! How can I set the domain and path? – Cuga Jul 28 '11 at 15:31
  • Just add it in the second part of adding the header... (the Wikipedia article shows the example: "Domain=docs.foo.com; Path=/accounts;"). – Aaron Jul 28 '11 at 21:21
  • Sorry about that... after further digging, it looks like your question is a duplicate of this one: http://stackoverflow.com/questions/2764436/facebook-oauth-logout – Aaron Jul 29 '11 at 13:06
  • I ended up going with a similar solution-- using Facebook's JavaScript API. I wasn't able to set the cookie... but I had to learn that through trial and error. Thanks for the help – Cuga Jul 30 '11 at 04:58
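
The Domain and Path point from the answer and its comments, as an added example that is not part of the original thread: an expiring `Set-Cookie` only removes a cookie whose name, domain and path all match. It uses the Python 3 standard library; `expire_cookie_header`, `browser_apply` and the sample values are constructed for illustration, and the store is a simplified model of a browser cookie jar.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"


def expire_cookie_header(name, domain=None, path="/"):
    """Build a Set-Cookie value that expires `name` for the given scope."""
    jar = SimpleCookie()
    jar[name] = "deleted"
    jar[name]["expires"] = EPOCH
    jar[name]["path"] = path
    if domain:
        jar[name]["domain"] = domain
    return jar[name].OutputString()


def browser_apply(store, host, header):
    """Simplified browser model: cookies are keyed by (name, domain, path)."""
    parsed = SimpleCookie()
    parsed.load(header)
    for name, morsel in parsed.items():
        key = (name, morsel["domain"] or host, morsel["path"] or "/")
        expires = morsel["expires"]
        if expires and parsedate_to_datetime(expires) <= datetime.now(timezone.utc):
            store.pop(key, None)  # expired: drops only the exact-scope match
        else:
            store[key] = morsel.value
    return store


def demo():
    host = "docs.foo.com"  # constructed sample values
    store = {}
    browser_apply(store, host,
                  "access_token=abc123; Domain=docs.foo.com; Path=/accounts")
    # Wrong scope (default Path=/): the original cookie survives.
    browser_apply(store, host, expire_cookie_header("access_token"))
    survived = ("access_token", "docs.foo.com", "/accounts") in store
    # Matching Domain and Path: the stored cookie is removed.
    browser_apply(store, host,
                  expire_cookie_header("access_token", "docs.foo.com", "/accounts"))
    return survived, store


if __name__ == "__main__":
    print(demo())
```
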