How to delete all Cookies from a Javascript page?

Asked

Viewed 3,905 times

3

There is a way to delete all (existing) cookies related to a page, using Javascript only?

2 answers

5

The following are two responses withdrawn of Sozão.

This:

function deleteAllCookies() {
    var cookies = document.cookie.split(";");

    for (var i = 0; i < cookies.length; i++) {
        var cookie = cookies[i];
        var eqPos = cookie.indexOf("=");
        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
    }
}


And this:

function deleteAllCookies() {
 var c = document.cookie.split("; ");
 for (i in c) 
  document.cookie =/^[^=]+/.exec(c[i])[0]+"=;expires=Thu, 01 Jan 1970 00:00:00 GMT";    
}


The two have a similar limitation: they do not erase cookies without the "=", that is, cookies that have a name but do not have a value. As this is a rare case, both will work well in virtually any normal situation.


For cases where the paths are varied, has this other answer, more "aggressive", but that should be used in conjunction with a loop as the answers above to get the name of each cookie:

function eraseCookieFromAllPaths(name) {
    // This function will attempt to remove a cookie from all paths.
    var pathBits = location.pathname.split('/');
    var pathCurrent = ' path=';

    // do a simple pathless delete first.
    document.cookie = name + '=; expires=Thu, 01-Jan-1970 00:00:01 GMT;';

    for (var i = 0; i < pathBits.length; i++) {
        pathCurrent += ((pathCurrent.substr(-1) != '/') ? '/' : '') + pathBits[i];
        document.cookie = name + '=; expires=Thu, 01-Jan-1970 00:00:01 GMT;' + pathCurrent + ';';
    }
}


Note: as well remembered by @Papacharlie, the browser does not inform the JS the path of the cookies, and the above routine to compensate for this limitation, does a "brute force" scan in the possible paths to the cookies to try to erase them at whatever depth they are. This will only work if JS is called a sublevel equal to or greater than the set in cookie. A possible expansion of the idea would also be to test the domain with and without the www prefix.

  • 1

    As far as I know, browsers don’t report the path nor Domain of cookies, and Location.pathname only returns the path of the current URL, in case it will not replace a cookie with path=/.

  • 1

    @Papacharlie the loop in the routine tries all levels of the path where Voce is, by trial and error. Before the loop he tries to set the path "clean", then tries through the separations by bar, level up to the current.

  • 1

    I noticed now, good suggestion. If AP does not use subdomain, you can include another for for www.dominio.com, and .dominio.com, asism ensures scanning by Domain.

  • 1

    @Papacharlie the authors of the codes are in the answers of the linked question, from Sozão. Well done by the authors, I just transcribed the ones that seemed most sensible ;) - The one with and without www is really a good idea. I edited with a mention your remark, then I’ll go over the code better.

3

I believe the code below solves.

var cookies = document.cookie.split(";");
var expire = new Date();
for (var i = 0; i < cookies.length; i++)
{
    cookie = cookies[i].split("=")[0];
    expire.setDate(expire.getDate()-1);
    document.cookie = "asd=; expires=" + expire;
}

But there are some considerations about domain, path e httponly.

  1. If the cookie is set to httponly = true, cannot be removed via javascript. The parameter httponly serves precisely to prevent the manipulation of cookier by the JS, adding security.

  2. If you created a cookie with the parameters domain e path, will need to use them for removal using the line below overriding in the above code.

document.cookie = name + "=; expires=" + expire + "; domain=" + domain + "; path=" + path;

Browser other questions tagged

You are not signed in. Login or sign up in order to post.