205

How can I delete a specific cookie with the name roundcube_sessauth?

Shouldn't the following:

function del_cookie(name) {
    document.cookie = 'roundcube_sessauth' + 
    '=; expires=Thu, 01-Jan-70 00:00:01 GMT;';
}

And then:

<a href="javascript:del_cookie(name);">KILL</a>

Kill the roundcube_sessauth cookie?

Improve this question
7
  • 1
    name? What's the point of that? Or is it a hangover from a more versatile version that allows you to specify the cookie name?
    – paxdiablo
    Commented May 15, 2012 at 1:21
  • Don't think that's a dupe. It specifically asks about clearing all cookies.
    – paxdiablo
    Commented May 15, 2012 at 1:22
  • 1
    I don't want to delete all cookies... Just one. I found the basic code from googling around. And of course I tried it. @Paxdiablo I assumed it for naming the cookie, but I might be completely wrong.
    – Charlie
    Commented May 15, 2012 at 1:22
  • @paxdiablo - How can I delete a specific cookie...
    – Derek 朕會功夫
    Commented May 15, 2012 at 4:02
  • 1
    @Derek et al, you seem to misunderstand. I was stating that the proposed dupe from Gabe wasn't a dupe at all because the proposed dupe asked about deleting all cookies and this question asks about deleting a specific cookie. I was not complaining about this question in any way, shape or form :-)
    – paxdiablo
    Commented May 15, 2012 at 4:10

9 Answers 9

Reset to default
358

You should define the path on which the cookie exists to ensure that you are deleting the correct cookie.

function set_cookie(name, value) {
  document.cookie = name +'='+ value +'; Path=/;';
}
function delete_cookie(name) {
  document.cookie = name +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}

If you don't specify the path, the browser will set a cookie relative to the page you are currently on, so if you delete the cookie while on a different page, the other cookie continues its existence.

Edit based on @Evan Morrison's comment. Be aware that in some cases to identify the correct cookie, the Domain parameter is required. Usually it's defined as Domain=.yourdomain.example. Placing a dot in front of your domain name means that this cookie may exist on any sub-domain (www also counts as sub-domain).

Also, as mentioned in @RobertT's answer, HttpOnly cookies cannot be deleted with JavaScript on the client side.

Improve this answer
4
  • 31
    This was driving me nuts! After I added Path=/, I was able to delete. Thanks!
    – duyn9uyen
    Commented Sep 12, 2014 at 18:05
  • 13
    This should be the correct answer, it doesn't work without Path in most cases.
    – SuperMarco
    Commented Jun 9, 2015 at 13:36
  • 14
    I wasn't able to delete a cookie until I added both path and the correct 'Domain=value; ' ... So my statement was: document.cookie = "cookieName= ; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.myDomain.com"
    – Evan Morrison
    Commented May 19, 2016 at 0:01
  • 1
    This solution still works, but can be written slightly more concisely with Max-Age=0, if you care about such things.
    – MaxPRafferty
    Commented Nov 6, 2017 at 21:05
203

In order to delete a cookie set the expires date to something in the past. A function that does this would be.

var delete_cookie = function(name) {
    document.cookie = name + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
};

Then to delete a cookie named roundcube_sessauth just do.

delete_cookie('roundcube_sessauth');
Improve this answer
9
  • 2
    I feel like this should be working (it looks like it should work :D!), but I'm viewing the cookies set by my page in firefox and when I click the "KILL" button, the cookie isn't getting deleted. Any idea why?
    – Charlie
    Commented May 15, 2012 at 1:29
  • This works in Google Chrome. Install firebug and see if there are any errors.
    – user672118
    Commented May 15, 2012 at 1:30
  • 1
    No errors, I guess it's just not deleting the cookie in Roundcube. It probably deletes other cookies just fine.
    – Charlie
    Commented May 15, 2012 at 1:39
  • 43
    For users looking for an answer to this question, please see the answer below. The path=/ key is important for browser compatibility.
    – bencripps
    Commented Jun 23, 2015 at 15:07
  • 2
    This answer didn't work for me on Chrome, haven't tried it in Firefox. But emii's answer below did work.
    – Daniel F
    Commented Aug 1, 2015 at 22:50
11

//if passed exMins=0 it will delete as soon as it creates it.

function setCookie(cname, cvalue, exMins) {
    var d = new Date();
    d.setTime(d.getTime() + (exMins*60*1000));
    var expires = "expires="+d.toUTCString();  
    document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}

setCookie('cookieNameToDelete','',0) // this will delete the cookie.
Improve this answer
2
  • exMins is undefined in this example, you probably meant exdays
    – bhurlow
    Commented Dec 19, 2016 at 21:44
  • Yeah.. instead rename argument exdays to exMins.. thanks #BhBh
    – Kishor Patil
    Commented Dec 21, 2016 at 3:32
10

I'm not really sure if that was the situation with Roundcube version from May '12, but for current one the answer is that you can't delete roundcube_sessauth cookie from JavaScript, as it is marked as HttpOnly. And this means it's not accessible from JS client side code and can be removed only by server side script or by direct user action (via some browser mechanics like integrated debugger or some plugin).

Improve this answer
2

You can try this solution

var d = new Date();
d.setTime(d.getTime());
var expires = "expires="+d.toUTCString();
document.cookie = 'COOKIE_NAME' + "=" + "" + ";domain=domain.example;path=/;" + expires;
Improve this answer
0
1 
function deleteCookieByName(name) {
    let newCookie = document.cookie.replace(new RegExp(`${name}=[^ ]*( )?`), '');
    document.__defineGetter__("cookie", function() {return newCookie} );
}
Improve this answer
1
  • 2
    Please read How do I write a good answer?. While this code block may answer the OP's question, this answer would be much more useful if you explain how this code is different from the code in the question, what you've changed, why you've changed it and why that solves the problem without introducing others.
    – Saeed Zhiany
    Commented Jun 20, 2022 at 3:00
1

It is worth mention that a HttpOnly is not accessible from javascript client side code.

You can, however, call a "/delete" route from your server. The route will send a new cookie with expires = "some date in the past", overwriting/deleting the previous cookie!

Here is a server route example using the "Express" framework for a HTTP DELETE request:

const express = require("express")
const routes = express.Router()
routes.delete("/delete-cookie", (req, res) => {
res
  .status(200)  //OK
  .clearCookie("name-of-your-cookie")
  .send("Cookie deleted from user's browser")
})
Improve this answer
0

In my case I used blow code for different environment.

  document.cookie = name +`=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;Domain=.${document.domain.split('.').splice(1).join('.')}`;
Improve this answer
0

for Cookies you can refer this cookie documentation

for setting the cookies with domain in js:

 function setCrossSubdomainCookie(cookieName, cookieValue, minutes) {
  const assign = `${name}=${escape(value)};`
  const d = new Date()
  d.setTime(d.getTime() + minutes * 60 * 1000)
  const expires = `expires=${d.toUTCString()};`
  const path = "path=/;"
  const domain = "domain=.domainName.example;"
  document.cookie = assign + expires + path + domain
}

For deleting the cookies with domain in js:

export async function deleteCookie(name) {
  document.cookie = `${name}=; path=/; domain=.edyst.com; expires=${new Date(
    0
  ).toUTCString()}`
}

Note: we cannot store cookies without expiry time but domain is optional can be excluded and if want to store cookie for long or don't want your cookie to expire then use this while setting the cookie

 const expires = "expires=Fri, 31 Dec 9999 23:59:59 GMT"
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.