Can a userscript delete cookies from a given domain?

Thomas Eding picture Thomas Eding · Feb 3, 2010 · Viewed 8.4k times · Source

Can Greasemonkey delete cookies from a given domain? If so, how?

Answer

Brock Adams picture Brock Adams · Mar 15, 2012

There are major limitations on what Greasemonkey can delete. Other tools may be better for what you want, see below. But, if all of these conditions are met:

  • The cookies you want to delete are on the current page's domain.
  • They are not "Secure cookies".
  • You loop through the possible paths, including /, a blank path, etc.
  • No cookies are set by javascript, after the page loads.
  • The thing tracking you really is a "cookie". Many websites use a variety of other techniques, including LSO's, local storage, etc.

THEN, the following code will delete them:

//--- Loop through cookies and delete them.
var cookieList  = document.cookie.split (/;\s*/);

for (var J = cookieList.length - 1;   J >= 0;  --J) {
    var cookieName = cookieList[J].replace (/\s*(\w+)=.+$/, "$1");

    eraseCookie (cookieName);
}

Where eraseCookie() is:
(Note that this eraseCookie gets many more cookies by attempting all possible paths and the most likely sub-domains.)

function eraseCookie (cookieName) {
    //--- ONE-TIME INITS:
    //--- Set possible domains. Omits some rare edge cases.?.
    var domain      = document.domain;
    var domain2     = document.domain.replace (/^www\./, "");
    var domain3     = document.domain.replace (/^(\w+\.)+?(\w+\.\w+)$/, "$2");;

    //--- Get possible paths for the current page:
    var pathNodes   = location.pathname.split ("/").map ( function (pathWord) {
        return '/' + pathWord;
    } );
    var cookPaths   = [""].concat (pathNodes.map ( function (pathNode) {
        if (this.pathStr) {
            this.pathStr += pathNode;
        }
        else {
            this.pathStr = "; path=";
            return (this.pathStr + pathNode);
        }
        return (this.pathStr);
    } ) );

    ( eraseCookie = function (cookieName) {
        //--- For each path, attempt to delete the cookie.
        cookPaths.forEach ( function (pathStr) {
            //--- To delete a cookie, set its expiration date to a past value.
            var diagStr     = cookieName + "=" + pathStr + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
            document.cookie = diagStr;

            document.cookie = cookieName + "=" + pathStr + "; domain=" + domain  + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
            document.cookie = cookieName + "=" + pathStr + "; domain=" + domain2 + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
            document.cookie = cookieName + "=" + pathStr + "; domain=" + domain3 + "; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
        } );
    } ) (cookieName);
}

Optional function, for information or debug:

function listCookies () {
    var cookieList  = document.cookie.split (/;\s*/);

    for (var J = 0, numCookies = cookieList.length;   J < numCookies;  ++J) {
        console.log ("Cookie ", J, ": ", cookieList[J]);
    }
}



Your GM script can also use iFrame tricks to delete cookies on third-party domains, but GM is not the best way to handle cookies, in general.

Don't be fooled by any other claims, Greasemonkey and javascript simply cannot delete a cookie unless all of the conditions, listed at the top of this answer, are met. Note that javascript and Greasemonkey cannot even see all the cookies on a page.

Greasemonkey is not the best tool for this, although it may be adequate for select situations.

Here are some far more powerful solutions:

  1. Use Selective Cookie Delete. It keeps the cookies you want and deletes the rest. It does this at the push of a very handy button or automatically when Firefox closes. Both white-lists and black-lists are supported.
  2. Use BetterPrivacy for sneakier LSO's.
  3. Run CCleaner at least once a week, to exorcise a broad spectrum of tracking and cruft.
  4. For powerful, custom, fully-automated cookie removal that does not have the severe limitations that Greasemonkey has, and that runs more often than Selective Cookie Delete, you can write your own browser extension.