Could not get cookie from another (parent) domain in Django

Question

I need to remove a cookie that was previously set for parent domain while browsing host at subdomain of the parent.

I.e., a cookie "xyz" was set for example.com, and I am trying to remove it on subdomain.example.com, using Django backend.

The request.COOKIES given to the view does not contain any cookies except those from subdomain.example.com, so I can't write just response.delete_cookie(...) in order to delete it.

It is possible to perform such deletion either in Python or Javascript?

Answer 1

You can attempt to call delete_cookie even for a cookie you haven't been able to read. Django will output the relevant Set-Cookie headers to delete the cookie regardless. Naturally the domain and path you pass to delete_cookie must match the cookie you intend to delete.

However, if you haven't been able to read the cookie, it is likely there is another problem, which might prevent you deleting it. Are you sure the cookie from the parent domain was set with a domain=parentdomain.tld parameter? If not then it wouldn't be visible or deletable from the subdomain, except in IE due to that browser's bad handling of no-domain-specified cookies.

Answer 2

The cookie was probably set with 'domain' parameter. Set the cookie to be accessible from all the subdomains of the domain the cookie is being set in.

I'm not the python guy, but my knowledge of http protocol shows that this might be the problem.