Unable to delete cookie from javascript

Question

I am on an external site, and I am trying to delete the cookie via javascript.

I did the following in the console:

function deleteAllCookies() {
    var cookies = document.cookie.split(";");

    for (var i = 0; i < cookies.length; i++) {
        var cookie = cookies[i];
        var eqPos = cookie.indexOf("=");
        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
    }
}

deleteAllCookies()

which is supposed to set the document cookie to expire in 1970

But after that, I call

document.cookie.split(";")

The cookies are seemingly untouched. Any ideas why?

PS: code above is from stackoverflow Clearing all cookies with JavaScript

Answer 1

A few important things:

• http cookies cannot be used by your js code.

• the same site attribute when assigned the strict value (possible values: strict, lax or none) implies the same domain (same domain with different ports are still considered same domains with cookies)

• when deleting a cookie, you must provide the same params visible in your browser (in Chrome, check the application panel > cookies). That means you need to indicate the sameSite attribute, secure, etc.

// see https://stackoverflow.com/a/2138471/1216281
export function getCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(";");
    for (var i = 0; i < ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0) == " ") c = c.substring(1, c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
    }
    return null;
}



export function deleteCookie(name, options = {}) {
    const {
        path = '/',
        domain = '',
        secure = true,
        sameSite = 'Strict'
    } = options;

    if (getCookie(name)) {
        const cookieOptions = [
            `path=${path}`,
            domain ? `domain=${domain}` : '',
            secure ? 'secure' : '',
            sameSite ? `sameSite=${sameSite}` : '',
            'expires=Thu, 01 Jan 1970 00:00:01 GMT'
        ].filter(Boolean).join(';');
        // .filter(Boolean).join(';') is used to remove empty values, ensuring there are no extra semicolons in the cookie string.
        document.cookie = `${name}=; ${cookieOptions}`;
    }
}
``
`

Answer 2

Recently ran into this issue, thought would share my solution here.

I have been using the following to reset cookies.

 document.cookie = 'testcookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/;domain=domain;'

Now this was working for some cookies but for some it was not. On debugging, I found that those cookies for which this failed was set without a domain.

So if the cookie was set with domain, you need domain in the clear request and if cookie was not set with domain you should omit it.

Anyway I ended up doing the below to clear cookies irrespective of the case.

 document.cookie = 'testcookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/;domain=domain;'
 document.cookie = 'testcookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/;domain=;'

This behaviour is similar for both Chrome and Firefox.

Answer 3

What helped me was that you need to delete the cookie in the same state as you created it.

If you created it with a path / and a domain mydomain.com, then you have to delete it with those.

If you did not use path or domain when creating the cookie, you can not have the path or domain when deleting it.

Trick was to delete it in the EXACT same way it was created.

Hope this helps more people, I went crazy on this one even though I used the right path and domain..

Answer 4

Your cookie is most likely not being deleted because when you set the new value, it has to match the path and domain of the original cookie you're trying to delete.

In other words:

 document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=[something];"

that "something" value needs to line up with whatever the existing cookies have set.

JS debuggers might not give you details on what the path and domain are, but it will become obvious which one you're not matching on if you look up the value of the existing cookie in your Chrome->settings or similar panel in Firefox/Safari/IE.

Let me know if that helps.

Answer 5

For me the issue was that I was setting the domain field which is required only if you overrode it when setting the cookie. Therefore, the following should do the trick:

document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/"

Answer 6

I had a similar issue when trying to remove certain cookies. Sometimes this worked:

document.cookie = name + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/;';

...and sometimes it didn't.

After looking into the Chrome Inspector (Application tab -> Storage sidebar -> Cookies) I noticed that some cookies were set with different domains. Example:

.mydoamin.com
sub.mydomain.com 

So, my solution was to make a generic function that removes the cookie from all domains.

var deleteCookie = function(name) {
    document.cookie = name + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/;domain=.mydomain.com;';
    document.cookie = name + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/;domain=sub.mydomain.com;';
};

---

Answer 7

Clear session cookies in ie11?

May be The Link above can give a Help

Just run the JavaScript like Below

document.execCommand("ClearAuthenticationCache")

I tried and The cookie was cleared.

Answer 8

I was working on a browser bookmarklet to remove cookies from the current domain, I had the same issue, my issue was that I was not using domain either. Here is my bookmarklet value eventually:

javascript: (function(){document.cookie.split(";").forEach(function(c) { document.cookie = c.replace(/^ +/, "").replace(/=.*/, "=;expires=" + new Date().toUTCString() + ";domain=." + location.host.split('.').slice(-2).join(".") +";path=/"); }); })();

Note that I replace "domain.com" with location.host.split('.').slice(-2).join(".") so that I always get the domain name without subdemains, i.e. mail.google.com would become google.com. when setting cookie expiry we should ignore the subdemain (at least in my case it was the case.

Answer 9

I had the same issue. I discovered that the cookie was set under an empty subdomain, e.g. the cookie domain was ".domain.com", and my website was hosted at "sub.domain.com".

To fix I added the cookie domain to the set value

document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.domain.com";

To see what domain the cookie is set to, in Chrome, open dev tools -> resources -> cookies and look at the domain fields.