Reputation: 1175
Delete cookies in .net core 2.0
I am working on .Net Core 2.0 MVC Web Application. There is a need to manipulate authentication cookie to set expire time span based on user role. After the expire time span, the user will be logged out of the application if there is no activity. In order to that, I created a Filter which is being called everytime user interacts with the site. In that filter, I am basically reading cookie value, store it in the temp variable, delete existing cookie, and append new cookie with same key and value to the response.
var cookieContent = Request.Cookie[key];
Response.Cookies.Delete(key);
Response.Cookies.Append(new cookie with same name and value);
I am able to create a new cookie with required expire time, and it does work fine.
My problem here is, Response.Cookies.Delete(key); doesn't really delete the cookie.
Microsoft documentation says we cannot delete the cookie from the user's pc. so is there any way to delete the cookie from hard-drive? If not, what does Response.Cookies.Delete(cookie); do?
Upvotes: 16
Views: 34160
Answers (5)
Reputation: 1620
In .NET 6 and above
private void ClearCookie()
{
foreach (var cookie in Request.Cookies.Keys)
{
Response.Cookies.Delete(cookie);
}
}
Upvotes: 0
Reputation: 51
var Cookieoption1 = new CookieOptions();
Cookieoption1.Path = HttpContext.Request.PathBase;
foreach (var cookieKey in Request.Cookies.Keys)
{
HttpContext.Response.Cookies.Delete(cookieKey, Cookieoption1);
}
Upvotes: 4
Reputation: 8019
In ASP.NET Core, you can/should use the following method:
private void DeleteCookies()
{
foreach (var cookie in HttpContext.Request.Cookies)
{
Response.Cookies.Delete(cookie.Key);
}
}
What this does internally is to send 'Set-Cookie' directives in the Http Response Header to instruct the browser to both expire the cookie and clear its value.
- ASP.NET Core source code for ResponseCookies.Delete Method
- MSDN docs here - IResponseCookies.Delete Method
Example response header:
HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: Cookie1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; secure; samesite=lax
Set-Cookie: Cookie2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; secure; samesite=lax
Set-Cookie: Cookie3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; secure; samesite=lax
Upvotes: 40
Reputation: 2459
You can set expire time for cookie like:
Response.Cookies.Append("cookieName", "", new CookieOptions() {
Expires = DateTime.Now.AddDays(-1)
});
When the browser get response from the server, it will see that the cookie with name cookieName has expired. Therefore, the browser will delete the cookie.
Upvotes: 9
Reputation: 17
Clearing the cookies of the response doesn't instruct the browser to clear the cookie, it merely does not send the cookie back to the browser. To instruct the browser to clear the cookie you need to tell it the cookie has expired, e.g.
public static void Clear(string key)
{
var httpContext = new HttpContextWrapper(HttpContext.Current);
_response = httpContext.Response;
HttpCookie cookie = new HttpCookie(key)
{
Expires = DateTime.Now.AddDays(-1) // or any other time in the past
};
_response.Cookies.Set(cookie);
}
Just to add something else I also pass the value back as null e.g.
public static void RemoveCookie(string cookieName)
{
if (HttpContext.Current.Response.Cookies[cookieName] != null)
{
HttpContext.Current.Response.Cookies[cookieName].Value = null;
HttpContext.Current.Response.Cookies[cookieName].Expires = DateTime.Now.AddMonths(-1);
}
}
Upvotes: 0
Related Questions
- Clear all cookies in Asp.net Core
- .net core 3.1 cannot delete cookies
- Can't remove cookies using C#
- How to remove cookies asp.net core authorization
- Remove and delete all cookies of my ASP NET c-sharp application
- How to delete a specific cookie on startup, using .net core 2?
- Delete cookie issue in C#
- Cookies that won't delete
- how to delete cookies in asp.net
- remove cookies from browser