gazutu

Reputation: 21

cookieService.deleteAll() deletes all cookies except this one


I have two Angular apps, one running at localhost:4200 and the other on localhost XAMPP; it is a Laravel Angular app. Clicking on a link in the first app opens the link to the second app, where the user is authenticated based on a token. There is a logout button in the first app which should log the user out of the second as well as the first app, and for that I need to clear all cookies. The laravel_session cookie is set by the second app when the user clicks on a link from the first app.

The last cookie laravel_session stays while all the others get deleted.

import { CookieService } from 'ngx-cookie-service';

constructor(private cookieService: CookieService) {}

logout() {
    // Expires only the cookies that client-side script is able to see
    this.cookieService.deleteAll();
}

Upvotes: 1

Views: 5769

Answers (2)

Sunil Kumar

Reputation: 1794

In the development environment (localhost), any client-side app using Angular or other UI frameworks will need to tweak the server session cookie code as below.

Note: On your backend server you need to set the cookie's httpOnly setting to false, as in the code below.

cookie: {
       secure: false, //set this to true in production over https
       httpOnly: false, //set this to false in development to test delete 
       ....
       ....
}

Later, in your Angular service/component code for the logout method, use the following:

logout(){
    this.cookieService.delete('<your-cookie-name>', '/', 'localhost', false, 'Lax');
}

See ngx-cookie-service documentation

For individual delete:

delete( name: string, path?: string, domain?: string, secure?: boolean, sameSite: 'Lax' | 'None' | 'Strict' = 'Lax'): void;

For Batch delete:

deleteAll( path?: string, domain?: string, secure?: boolean, sameSite: 'Lax' | 'None' | 'Strict' = 'Lax' ): void;

Important: On production both should be set as True | httpOnly & Secure | for a Cookie

Upvotes: 0

Omri L

Reputation: 769

You are trying to delete an HttpOnly cookie from your client code. It's simply not possible.

Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie. Therefore, if the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client-side script.

Upvotes: 1
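
The behaviour described in the answer above, as an added example that is not part of the original answers or of ngx-cookie-service: a simplified model of how a browser treats script writes versus Set-Cookie headers for an HttpOnly cookie. CookieJar, scriptDeleteAll and demo are hypothetical names, the cookie values are constructed, and the model assumes a single host with no Domain matching.

```javascript
// Minimal model of one host's browser cookie jar (constructed for illustration).
class CookieJar {
  constructor() { this.cookies = new Map(); } // "name|path" -> { name, value, httpOnly }
  // fromScript=true models `document.cookie = "..."`;
  // fromScript=false models a Set-Cookie response header.
  set(cookieString, fromScript) {
    const [pair, ...attrs] = cookieString.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    const attr = {};
    for (const a of attrs) {
      const [k, v = ''] = a.split('=');
      attr[k.toLowerCase()] = v;
    }
    const httpOnly = 'httponly' in attr;
    const key = name + '|' + (attr.path || '/');
    const existing = this.cookies.get(key);
    // Script can neither create an HttpOnly cookie nor overwrite or expire one.
    if (fromScript && (httpOnly || (existing && existing.httpOnly))) return false;
    const expired =
      (attr['max-age'] !== undefined && Number(attr['max-age']) <= 0) ||
      (attr.expires !== undefined && Date.parse(attr.expires) <= Date.now());
    if (expired) this.cookies.delete(key);
    else this.cookies.set(key, { name, value, httpOnly });
    return true;
  }
  // What script reads from document.cookie: HttpOnly cookies are hidden.
  documentCookie() {
    return [...this.cookies.values()].filter((c) => !c.httpOnly)
      .map((c) => `${c.name}=${c.value}`).join('; ');
  }
  has(name) { return [...this.cookies.values()].some((c) => c.name === name); }
}
// Client-side "delete all": expire every cookie that script can see.
function scriptDeleteAll(jar) {
  for (const pair of jar.documentCookie().split('; ').filter(Boolean)) {
    jar.set(`${pair.split('=')[0]}=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/`, true);
  }
}

function demo() {
  const jar = new CookieJar();
  jar.set('XSRF-TOKEN=abc; Path=/', false);                // constructed sample values
  jar.set('laravel_session=xyz; Path=/; HttpOnly', false);
  scriptDeleteAll(jar);
  const afterScript = jar.has('laravel_session');          // still present
  jar.set('laravel_session=; Max-Age=0; Path=/; HttpOnly', false); // server logout response
  return { afterScript, afterServer: jar.has('laravel_session'), jar };
}
```

In this model the session cookie disappears only when the server that issued it sends an expiring Set-Cookie with the same name and path, which is why logout for an HttpOnly session has to go through a server-side endpoint.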
