
How to kill zombie cookies

I'm not sure if my question is related to this one or not.

IE9 deletes this cookie after closing the browser (expected) but Chrome 12, Firefox 5, and Opera 11 do not. (During testing of the example below, each browser was closed after clicking "Delete Account." They were then reopened after a short period of time and in all but IE9 the cookies were still there.)

Use Case: Cookie expires 1 year after last visit by user. Account deletion should remove the cookie.

Question:
(1/2) Why does IE9 do the right (expected) thing and the others do not?
(2/2) How can I ensure all browsers destroy this cookie?

Example:

login.html

<!doctype html>
<html>
    <head>
        <title>Create Cookie Example</title>

        <script>
            function setCookie() {
                var expDate = new Date();
                expDate.setDate(expDate.getDate() + 365);
                document.cookie = "fakeCookie=" + escape("fake value")
                    + "; expires=" + expDate.toGMTString();
            }
        </script>
    </head>

    <body onload="setCookie()">
        <h1>Welcome</h1>
        <p>Lorem ipsum...</p>
        <hr size="1" />
        <p><a href="profile.html">User Profile</a></p>
    </body>
</html>

profile.html

<!doctype html>
<html>
    <head>
        <title>Delete Cookie Example</title>

        <script>
            function deleteConfirm() {
                if ( confirm("Are you sure you want to delete your account? "
                           + "All data will be lost; this action cannot be undone!")
                   ) deleteConfirmed()
                else return false

                return true;
            }

            function deleteConfirmed() {
                document.cookie = "fakeCookie=; expires=Thu, 01-Jan-70 00:00:01 GMT";
            }
        </script>
    </head>

    <body>
        <h1>User Profile</h1>
        <p>Lorem ipsum...</p>
        <hr size="1" />
        <p><a href="index.html" onclick="return deleteConfirm()">Delete Account</a></p>
    </body>
</html>

Edit: The original post incorrectly identified login.html as index.html (forming a circular reference that would recreate the cookie when the "account" was deleted.)

asked Jun 30 '11 18:06

psema4


1 Answer

The OP came up with this answer and initially edited it into the question. This is just a repost to keep the solution in an answer post, for semantics.

        <script>
            function deleteConfirm() {
                if ( confirm("Are you sure you want to delete your account? "
                           + "All data will be lost; this action cannot be undone!")
                   ) deleteConfirmed(); // <-- ** MISSED SEMICOLON HERE **
                else return false;      // <-- ** AND HERE **

                return true;
            }

            function deleteConfirmed() {
                document.cookie = "fakeCookie=; expires=Thu, 01-Jan-70 00:00:01 GMT";
            }
        </script>
answered Oct 02 '22 12:10

Pops
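
A deletion helper for the cookie in the question, as an added example that is not part of the original post or answer: it writes the expiry with a four-digit year plus `max-age=0`, repeats the path used when the cookie was set (a cookie is identified by name, domain and path together), and reads the cookie back to confirm removal. The function names and the default path `/` are assumptions.

```javascript
// Added example; function names and the default path "/" are assumptions.

// Build a cookie string that lives for `days` days counted from `now`.
function buildCookie(name, value, days, path = "/", now = new Date()) {
    const exp = new Date(now.getTime() + days * 24 * 60 * 60 * 1000);
    return encodeURIComponent(name) + "=" + encodeURIComponent(value)
        + "; expires=" + exp.toUTCString()
        + "; path=" + path;
}

// Build the string that expires the same cookie. The path must match the
// one used when setting it, otherwise the original cookie is left in place.
function buildDeletion(name, path = "/") {
    return encodeURIComponent(name) + "="
        + "; expires=Thu, 01 Jan 1970 00:00:00 GMT"
        + "; max-age=0"
        + "; path=" + path;
}

// Decode a cookie component, tolerating values that are not valid escapes.
function safeDecode(s) {
    try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Parse a document.cookie-style string ("a=1; b=2") into a Map.
function parseCookies(cookieString) {
    const jar = new Map();
    for (const part of cookieString.split(";")) {
        const eq = part.indexOf("=");
        if (eq === -1) continue;
        jar.set(safeDecode(part.slice(0, eq).trim()),
                safeDecode(part.slice(eq + 1).trim()));
    }
    return jar;
}

// Expire the cookie on `doc`, then read back to confirm it is really gone.
function deleteCookie(doc, name, path = "/") {
    doc.cookie = buildDeletion(name, path);
    return !parseCookies(doc.cookie).has(name);
}

// In a page: deleteCookie(document, "fakeCookie") returns true on success.
```

A `false` return from `deleteCookie` means a cookie with that name is still visible to the page, which usually points to a path or domain mismatch with the string that created it.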