Reputation: 10898
How to remove a cookie in PHP?
When I want to remove a Cookie I try
unset($_COOKIE['hello']);
I see in my cookie browser from firefox that the cookie still exists. How can I really remove the cookie?
Upvotes: 350
Views: 801988
Answers (26)
Reputation: 423
setcookie('key', '', time() - 3600, '/')
may not work if client's time is wrong. More straightforward to use:
setcookie('key', '', 1, '/');
Reference: User contribution notes at https://www.php.net/manual/en/function.setcookie.php
Upvotes: 0
Reputation: 9199
You May Try this
if (isset($_COOKIE['remember_user'])) {
unset($_COOKIE['remember_user']);
setcookie('remember_user', '', -1, '/');
return true;
} else {
return false;
}
Upvotes: 390
Reputation: 972
You can use unset or setcookie
unset($_COOKIE['MYCOOKIE']);
//
setcookie('MYCOOKIE', '', -1, '/');
I prefer to check with isset and than unset or setcookie
if(isset($_COOKIE['MYCOOKIE'])) { unset($_COOKIE['MYCOOKIE']); }
//
if(isset($_COOKIE['MYCOOKIE'])) { setcookie('MYCOOKIE', '', -1, '/'); }
this seems to work too, but don't use it in my opinion
setcookie('MYCOOKIE', '', -1, '/') ?? '';
!isset($_COOKIE['MYCOOKIE']) ?: setcookie('MYCOOKIE', '', -1, '/');
Upvotes: 0
Reputation: 575
To reliably delete a cookie it's not enough to set it to expire anytime in the past, as computed by your PHP server. This is because client computers can and often do have times which differ from that of your server.
The best practice is to overwrite the current cookie with a blank cookie which expires one second after the epoch (1 January 1970 00:00:00 UTC), as so:
setcookie('hello', '', 1);
Upvotes: 38
Reputation: 160
I,m used this in php and it worked fine.
function cookie_unset()
{
setcookie("cookie_name", "", time() - 3600, '/');
unset ($_COOKIE['cookie_name']);
//done
}
Upvotes: 0
Reputation: 1043
Just set the value of cookie to false in order to unset it:
setcookie('cookiename', false);
Upvotes: 8
Reputation: 1856
I found that in Chrome it's impossible to unset a cookie unless you define the last three parameters in the cookie... The domain, that it's secure and http only...
if (isset($_COOKIE['user_id'])) {
unset($_COOKIE['user_id']);
setcookie("user_id", "", time() - 3600, "/", 'yourdomain.com',true,true);
header('Location: /');
} else {
/* other code here */
}
This is how I made it work for me. Read the documentation: All about cookies in the official PHP Site
Upvotes: 2
Reputation: 5968
When you enter 0 for time, you mean "now" (+0s from now is actually now) for the browser and it deletes the cookie.
setcookie("key", NULL, 0, "/");
I checked it in chrome browser that gives me:
Name: key
Content: Deleted
Created: Sunday, November 18, 2018 at 2:33:14 PM
Expires: Sunday, November 18, 2018 at 2:33:14 PM
Upvotes: 1
Reputation: 145
If you want to delete the cookie completely from all your current domain then the following code will definitely help you.
unset($_COOKIE['hello']);
setcookie("hello", "", time() - 300,"/");
This code will delete the cookie variable completely from all your domain i.e; " / " - it denotes that cookie variable's value all set for all domain not just for current domain or path. time() - 300 denotes that it sets to a previous time so it will expire.
Thats how it's perfectly deleted.
Upvotes: 7
Reputation: 9
You have to delete cookies with php in your server and also with js for your browser.. (They has made with php, but cookie files are in the browser client too):
An example:
if ($_GET['action'] == 'exit'){
// delete cookies with js and then in server with php:
echo '
<script type="text/javascript">
var delete_cookie = function(name) {
document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:01 GMT;";
};
delete_cookie("madw");
delete_cookie("usdw");
</script>
';
unset($_COOKIE['cookie_name']);
unset($_COOKIE['cookie_time']);
Upvotes: -2
Reputation: 136
Most of you are forgetting that this will only work on a local machine. On a domain you will need a pattern like this example.
setcookie("example_cookie", 'password', time()-3600, "/", $_SERVER['SERVER_NAME']);
Upvotes: -5
Reputation: 7390
This is how PHP v7 setcookie() code works when you do:
<?php
setcookie('user_id','');
setcookie('session','');
?>
From the output of tcpdump while sniffing on the port 80, the server sends to the client (Browser) the following HTTP headers:
Set-Cookie: user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Set-Cookie: session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Observing packets in the following requests the Browser no longer sends these cookies in the headers
Upvotes: 9
Reputation: 21
$cookie_name = "my cookie";
$cookie_value = "my value";
$cookie_new_value = "my new value";
// Create a cookie,
setcookie($cookie_name, $cookie_value , time() + (86400 * 30), "/"); //86400 = 24 hours in seconds
// Get value in a cookie,
$cookie_value = $_COOKIE[$cookie_name];
// Update a cookie,
setcookie($cookie_name, $cookie_new_value , time() + (86400 * 30), "/");
// Delete a cookie,
setcookie($cookie_name, '' , time() - 3600, "/"); // time() - 3600 means, set the cookie expiration date to the past hour.
Upvotes: 2
Reputation: 3795
A clean way to delete a cookie is to clear both of $_COOKIE value and browser cookie file :
if (isset($_COOKIE['key'])) {
unset($_COOKIE['key']);
setcookie('key', '', time() - 3600, '/'); // empty value and old timestamp
}
Upvotes: 272
Reputation: 87
I know that there has been a long time since this topic has been created but I saw a little mistake within this solution (I can call it like that, because it's a detail). I agree that the better solution is probably this solution:
if (isset($_COOKIE['remember_user'])) {
unset($_COOKIE['Hello']);
unset($_COOKIE['HelloTest1']);
setcookie('Hello', null, -1, '/');
setcookie('HelloTest1', null, -1, '/');
return true;
} else {
return false;
}
But, in the present case, you delete the cookies in every case where the unset function works and immediately you create new expired cookies in case that the unset function doesn't work.
That means that even if the unset function works, it will still have 2 cookies on the computer. The asked goal, in a logical point of view, is to delete the cookies if it is possible and if it really isn't, make it expire; to get "the cleanest" result.
So, I think we better should do:
if (isset($_COOKIE['remember_user'])) {
setcookie('Hello', null, -1, '/');
setcookie('HelloTest1', null, -1, '/');
unset($_COOKIE['Hello']);
unset($_COOKIE['HelloTest1']);
return true;
} else {
return false;
}
Thanks and have a nice day :)
Upvotes: 3
Reputation: 605
You can simply use this customize function:
function unset_cookie($cookie_name) {
if (isset($_COOKIE[$cookie_name])) {
unset($_COOKIE[$cookie_name]);
setcookie($cookie_name, null, -1);
} else { return false; }
}
If you want to remove $_COOKIE['user_account'].
Just use:
unset_cookie('user_account');
Upvotes: 1
Reputation: 7179
Just set the expiration date to one hour ago, if you want to "remove" the cookie, like this:
setcookie ("TestCookie", "", time() - 3600);
or
setcookie ("TestCookie", "", time() - 3600, "/~rasmus/", "example.com", 1);
Source: http://www.php.net/manual/en/function.setcookie.php
You should use the filter_input() function for all globals which a visitor can enter/manipulate, like this:
$visitors_ip = filter_input(INPUT_COOKIE, 'id');
You can read more about it here: http://www.php.net/manual/en/function.filter-input.php and here: http://www.w3schools.com/php/func_filter_input.asp
Upvotes: 2
Reputation: 171
I had the same problem in my code and found that it was a cookie path issue. Check out this stack overflow post: Can't delete php set cookie
I had set the cookie using a path value of "/", but didn't have any path value when I tried to clear it, so it didn't clear. So here is an example of what worked:
Setting the cookie:
$cookiePath = "/";
$cookieExpire = time()+(60*60*24);//one day -> seconds*minutes*hours
setcookie("CookieName",$cookieValue,$cookieExpire,$cookiePath);
Clearing the cookie:
setcookie("cookieName","", time()-3600, $cookiePath);
unset ($_COOKIE['cookieName']);
Hope that helps.
Upvotes: 17
Reputation: 37
To remove all cookies you could write:
foreach ($_COOKIE as $key => $value) {
unset($value);
setcookie($key, '', time() - 3600);
}
Upvotes: 2
Reputation: 223
To delete cookie you just need to set the value to NULL:
"If you've set a cookie with nondefault values for an expiration time, path, or domain, you must provide those same values again when you delete the cookie for the cookie to be deleted properly." Quote from "Learning PHP5" book.
So this code should work(works for me):
Setting the cookie:
setcookie('foo', 'bar', time() + 60 * 5);
Deleting the cookie:
setcookie('foo', '', time() + 60 * 5);
But i noticed that everybody is setting the expiry date to past, is that necessary, and why?
Upvotes: 5
Reputation:
You could set a session variable based on cookie values
session_start();
if(isset($_COOKIE['loggedin']) && ($_COOKIE['loggedin'] == "true") ){
$_SESSION['loggedin'] = "true";
}
echo ($_SESSION['loggedin'] == "true" ? "You are logged in" : "Please Login to continue");
Upvotes: 1
Reputation: 60549
That will unset the cookie in your code, but since the $_COOKIE variable is refreshed on each request, it'll just come back on the next page request.
To actually get rid of the cookie, set the expiration date in the past:
// set the expiration date to one hour ago
setcookie("hello", "", time()-3600);
Upvotes: 22
Reputation: 1836
If you set the cookie to expire in the past, the browser will remove it. See setcookie() delete example at php.net
Upvotes: 8
Reputation: 98052
See the sample labelled "Example #2 setcookie() delete example" from the PHP docs. To clear a cookie from the browser, you need to tell the browser that the cookie has expired... the browser will then remove it. unset as you've used it just removes the 'hello' cookie from the COOKIE array.
Upvotes: 7
Reputation: 10886
Set the value to "" and the expiry date to yesterday (or any date in the past)
setcookie("hello", "", time()-3600);
Then the cookie will expire the next time the page loads.
Upvotes: 315