CODEWITHSUNDEEP
c#cookiesasp.net-mvc-3
David
David

Reputation: 2223

How do you clear cookies using asp.net mvc 3 and c#?

Ok, so I really think I am doing this right, but the cookies aren't being cleared.

 Session.Clear();
 HttpCookie c = Request.Cookies["MyCookie"];
 if (c != null)
 {
     c = new HttpCookie("MyCookie");
     c["AT"] = null;
     c.Expires = DateTime.Now.AddDays(-1);
     Request.Cookies.Add(c);
 }

 return RedirectToAction("Index", "Home");

When the redirect happens, it finds the cookie again and moves on as though I never logged out. Any thoughts?

Upvotes: 55

Views: 72437

Answers (4)

DomenPigeon
DomenPigeon

Reputation: 1107

Response.Cookies.Delete("MyCookie")

I don't know at which version this was added, but it works.

Upvotes: 0

Alex
Alex

Reputation: 9429

I did this and it worked for clearing (not deleting) a session cookie:

HttpContext.Response.Cookies.Set(new HttpCookie("cookie_name"){Value = string.Empty});

Based on Metro's response I created this extension method to make the code reusable in any controller.

/// <summary>
/// Deletes a cookie with specified name
/// </summary>
/// <param name="controller">extends the controller</param>
/// <param name="cookieName">cookie name</param>
public static void DeleteCookie(this Controller controller, string cookieName)
{
    if (controller.HttpContext.Request.Cookies[cookieName] == null)
            return; //cookie doesn't exist

    var c = new HttpCookie(cookieName)
                {
                    Expires = DateTime.Now.AddDays(-1)
                };
    controller.HttpContext.Response.Cookies.Add(c);
}

Upvotes: 5

Metro Smurf
Metro Smurf

Reputation: 38365

You're close. You'll need to use the Response object to write back to the browser:

if ( Request.Cookies["MyCookie"] != null )
{
    var c = new HttpCookie( "MyCookie" );
    c.Expires = DateTime.Now.AddDays( -1 );
    Response.Cookies.Add( c );
}

More information on MSDN, How to: Delete a Cookie.

Upvotes: 107

KeithS
KeithS

Reputation: 71573

Cookies are stored on the client, not on the server, so Session.Clear won't affect them. Also, Request.Cookies is populated by IIS and given to your page with each request for a page; adding/removing a cookie from that collection does nothing.

Try performing a similar action against Response.Cookies. That should cause your client to overwrite the old cookie with the new one, causing it to be expired.

Upvotes: 9

Related Questions