*Really* deleting cookies with javascript - Stack Overflow

admin管理员组

文章数量:1287583

The way to delete cookies in javascript is to set the expiry date to be in the past. Now this doesn't actually delete the cookie, at least in Firefox. It just means the cookie will be deleted on browser close.

This is a problem for us: we have a product that involves archiving web pages from potentially many sites, with all this content stored on our server. And to make sure that pages render properly we include all js as well. However often cookies are set by js, and given that the page is cached on our server, these cookies are set under our domain.

So over time cookies from dozens of archived sites build up under our domain. And eventually the Cookie header exceeds the max content length, resulting in an HTTP 400 error code.

And because our clients are mostly in corporate environments they never reboot their machines or close their browsers: they can be left on for months. So this "soft" delete doesn't work, at least not reliably.

Is there any way to physically remove cookies intra-session in javscript? Or alternatively, is there any way to stop them being set?

The way to delete cookies in javascript is to set the expiry date to be in the past. Now this doesn't actually delete the cookie, at least in Firefox. It just means the cookie will be deleted on browser close.

This is a problem for us: we have a product that involves archiving web pages from potentially many sites, with all this content stored on our server. And to make sure that pages render properly we include all js as well. However often cookies are set by js, and given that the page is cached on our server, these cookies are set under our domain.

So over time cookies from dozens of archived sites build up under our domain. And eventually the Cookie header exceeds the max content length, resulting in an HTTP 400 error code.

And because our clients are mostly in corporate environments they never reboot their machines or close their browsers: they can be left on for months. So this "soft" delete doesn't work, at least not reliably.

Is there any way to physically remove cookies intra-session in javscript? Or alternatively, is there any way to stop them being set?

• javascript
• cookies

Share Improve this question Follow edited Aug 10, 2015 at 18:49 Brian Tompsett - 汤莱恩 5,8937272 gold badges6161 silver badges133133 bronze badges asked Jul 29, 2011 at 16:39 Richard HRichard H 39.1k3838 gold badges114114 silver badges141141 bronze badges 5

• Why do the headers exceed max content length? – ninjagecko Commented Jul 29, 2011 at 16:47
• 1 because sites that a user is archiving set cookies under our domain. The more sites being archived, the more cookies get set. To be more clear: a user would view an archived page like this: ourdoamin./page-from-archived-site.html. So if thispage sets a cookie in js, it gets set under ourdomain. – Richard H Commented Jul 29, 2011 at 16:53
• Please clarify "sites that a user is archiving set cookies under our domain". As you probably are aware, it is impossible for other domains to set cookies under your domain, so they must be using iframes or something and you must be setting those cookies, right? What's wrong with just using one cookie? – ninjagecko Commented Jul 29, 2011 at 16:57
• @ninjagecko, I think that they are achiving other people's sites and the archived javascript is setting the cookies. – gpojd Commented Jul 29, 2011 at 16:59
• 1 It is because we are NOT using iframes that we have this issue. The cached page is being rendered by our server, so any cookies get set under our domain. – Richard H Commented Jul 29, 2011 at 16:59

Add a ment  | 

4 Answers 4

Sorted by: Reset to default 5

It's not possible. Period. I've been struggling with this for several weeks without finding a solution.

Whoever invented the cookie getter/setter should be %insert_painful_punishment_here%.

Particularly Internet Exploder is a beast when it es to deleting cookies. I can't remember the exact issue, but I think it involved https and cookie names containing ;.

All I can offer is a workaround: Send a response body with your 400 response, something like 'please restart your browser'.

In addition to setting the expiration in the past, set the value to an empty string. This will at least reduce the size of the cookie immediately.

I would think that cookies should be deleted immediately in all browsers. For example, when I log out of a website, Firefox does not require me to close my browser to delete the cookie that shows that I am logged into the site. If this isn't happening, I suggest you look into Firefox bugs and possibly open a new one with them.

In the meantime, I'd look at my web server and see if it is possibly to set the max content length to something higher than it already is.

You could overwrite the cookie with a new one.

"It is because we are NOT using iframes that we have this issue. The cached page is being rendered by our server, so any cookies get set under our domain." --OP

If you have no control over the javascript that is setting the cookies (which seems extremely odd, why do you not have control?), you can constantly read and empty the cookie, dumping the data to another larger database (preferably server-side, or perhaps HTML5 client storage).

本文标签： *Really* deleting cookies with javascriptStack Overflow