How to delete cookie with HttpOnly using PHP or JS

javascript php cookies cookie-httponly
anton2g picture anton2g · Nov 4, 2015 · Viewed 33.2k times · Source

I have a cookie with these parameters:

Name:   workgroup_session_id
Content:    ""
Domain: agrobman1.tsi.lan
Path:   /
Send for:   Any kind of connection
Accessible to script:   No (HttpOnly)
Created:    Wednesday, November 4, 2015 at 9:31:58 AM
Expires:    When the browsing session ends

I have tried to delete the cookie using PHP using this code:

setcookie("workgroup_session_id", "\"\"", time() - 3600, "/", "agrobman1.tsi.lan", false, true);

But I am still unable to delete it. Does anyone know how to delete a cookie of this type using PHP or JS?

Answer

Andrew picture Andrew · Apr 14, 2017

You cannot delete an HttpOnly cookie on the client-side with javascript, as this post points out. It has to be done on the server side, as Neta points out.

Related questions

What are cookies and sessions, and how do they relate to each other?

I am trying to understand cookies and sessions professionally. I know that when a browser connects to a server, the server "asks" the browser to "paste" a cookie with "phpsessid" in the client browser cookies folder. Now that we have …

Read More
Is it possible to block cookies from being set using Javascript or PHP?

A lot of you are probably aware of the new EU privacy law, but for those who are not, it basically means no site operated by a company resident in the EU can set cookies classed as 'non-essential to the …

Read More
Set cookie on multiple domains with PHP or JavaScript

I have 3 domains that are themed the same. If somebody chooses a different theme, I want it to propagate across all 3 domains so their experience stays the same. I was planning to accomplish this by setting a cookie on domain1, …

Read More