Hello, please sign in or register
You are here: Home

Deleting Server sent Cookies using Javascript

Logging out usually gets a whole server page request all to itself. But really! whats it going to say, "Goodbye", "Come back soon".... or "I'm missing you already".

Making an HTML request to the server in this AJAX 2.0 world is old fashioned. But lets go further here. 

  1. There's no dynamic data to get/set*?

... thats it. No page, ajax request we can do this all in javascript folks.

The problem with Javascript Cookies

The problem with Javascript and cookies is the transparency of the data. Dom access is limited to ...

document.cookie;

Which merely exposes the label and value pairs as a semi-colon separated string .e.g.

"data=no; sid=5be994a7e5ecb4ddc0df5a36e26bf816"

Click Here

What?... no domain, no path - attributes these are required to manipulate the cookies.

For example, the following are useless if we set our domain at a high namespace

var d = new Date();
document.cookie = "data=;expires=" + d.toGMTString() + ";;";
document.cookie = "sid=;expires=" + d.toGMTString() + ";;";
document.cookie;

Since they are defined at a higher namespace splicing in ...

domain=.perplexed.co.uk;

... will cause the desired affect.

document.cookie = "_sid=;domain=.perplexed.co.uk;expires=" + -1 + ";;";

Click Here

So when using client javascript manipulates server defined cookies. Its important that domain and path attributes are available/known to the client.

 * Obviously you might want to store the logout, but how many people consciously logout? Really?

 

References

http://www.hunlock.com/blogs/Cookie_Monsters_Inc

 

Comments

Title*
Comment

Prove you are not a robot

To prove you are not a robot, please type in the six character code you see in the picture below
Security confirmation codeI can't see this!
Contact
Name*
Email never shown*
Home Page

Author

Andrew Dodson
Since:Feb 2007

Comment | flag

Categories

Bookmark and Share