Remove a cookie
You May Try this if (isset($_COOKIE[‘remember_user’])) { unset($_COOKIE[‘remember_user’]); setcookie(‘remember_user’, null, -1, “https://stackoverflow.com/”); return true; } else { return false; }
cookies
How do I create and read a value from cookie with javascript?
Here are functions you can use for creating and retrieving cookies. function createCookie(name, value, days) { var expires; if (days) { var date = new Date(); date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000)); expires = “; expires=” + date.toGMTString(); } else { expires = “”; } document.cookie = name + “=” … Read more
Cross-Domain Cookies
Yes, it is absolutely possible to get the cookie from domain1.example by domain2.example. I had the same problem for a social plugin of my social network, and after a day of research I found the solution. First, on the server side you need to have the following headers: header(“Access-Control-Allow-Origin: http://origin.domain:port”); header(“Access-Control-Allow-Credentials: true”); header(“Access-Control-Allow-Methods: GET, POST”); … Read more
What is the maximum size of a web browser’s cookie’s key?
The 4K limit you read about is for the entire cookie, including name, value, expiry date etc. If you want to support most browsers, I suggest keeping the name under 4000 bytes, and the overall cookie size under 4093 bytes. One thing to be careful of: if the name is too big you cannot delete … Read more
What are allowed characters in cookies?
According to the ancient Netscape cookie_spec the entire NAME=VALUE string is: a sequence of characters excluding semi-colon, comma and white space. So – should work, and it does seem to be OK in browsers I’ve got here; where are you having trouble with it? By implication of the above: = is legal to include, but … Read more
Why is jQuery’s .ajax() method not sending my session cookie?
I am operating in cross-domain scenario. During login remote server is returning Set-Cookie header along with Access-Control-Allow-Credentials set to true. The next ajax call to remote server should use this cookie. CORS’s Access-Control-Allow-Credentials is there to allow cross-domain logging. Check https://developer.mozilla.org/En/HTTP_access_control for examples. For me it seems like a bug in JQuery (or at least … Read more
Clearing all cookies with JavaScript
function deleteAllCookies() { var cookies = document.cookie.split(“;”); for (var i = 0; i < cookies.length; i++) { var cookie = cookies[i]; var eqPos = cookie.indexOf(“=”); var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie; document.cookie = name + “=;expires=Thu, 01 Jan 1970 00:00:00 GMT”; } } Note that this code has two limitations: … Read more
Why is it common to put CSRF prevention tokens in cookies?
A good reason, which you have sort of touched on, is that once the CSRF cookie has been received, it is then available for use throughout the application in client script for use in both regular forms and AJAX POSTs. This will make sense in a JavaScript heavy application such as one employed by AngularJS … Read more
Cookie blocked/not saved in IFRAME in Internet Explorer
I got it to work, but the solution is a bit complex, so bear with me. What’s happening As it is, Internet Explorer gives lower level of trust to IFRAME pages (IE calls this “third-party” content). If the page inside the IFRAME doesn’t have a Privacy Policy, its cookies are blocked (which is indicated by … Read more
How to delete a cookie?
Try this: function delete_cookie( name, path, domain ) { if( get_cookie( name ) ) { document.cookie = name + “=” + ((path) ? “;path=”+path:””)+ ((domain)?”;domain=”+domain:””) + “;expires=Thu, 01 Jan 1970 00:00:01 GMT”; } } You can define get_cookie() like this: function get_cookie(name){ return document.cookie.split(‘;’).some(c => { return c.trim().startsWith(name + ‘=’); }); }