How do you remove a Cookie in a Java Servlet

Question

How do you remove a cookie in a Java servlet   I tried this  http   www jguru com faq view jsp EID 42225  EDIT  The following now works successfully it appears to be the combination of   response setContentType  text html      and  cookie setMaxAge 0     Before I was doing     remove single signon cookie if it hasn t been validated yet response setContentType  text html    Cookie cookie   new Cookie SSORealm SSO COOKIE NAME       cookie setDomain SSORealm SSO DOMAIN   cookie setMaxAge -1   cookie setPath       cookie setComment  EXPIRING COOKIE at     System currentTimeMillis     response addCookie cookie     Which expires the cookie when the browser is closed as per the documentation      A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits  A zero value causes the cookie to be deleted     The full working snippet to expire a cookie is     remove single signon cookie if it hasn t been validated yet response setContentType  text html    Cookie cookie   new Cookie SSORealm SSO COOKIE NAME       cookie setDomain SSORealm SSO DOMAIN   cookie setMaxAge 0   cookie setPath       cookie setComment  EXPIRING COOKIE at     System currentTimeMillis     response addCookie cookie

User · Answer

The proper way to remove a cookie is to set the max age to 0 and add the cookie back to the HttpServletResponse object.

Most people don't realize or forget to add the cookie back onto the response object. By doing that it will expire and remove the cookie immediately.

...retrieve cookie from HttpServletRequest
cookie.setMaxAge(0);
response.addCookie(cookie);

User · Answer

Cookie   cookies   request getCookies    if cookies  null  for  int i   0  i  lt  cookies length  i       cookies i  setMaxAge 0       did that not worked  This removes all cookies if response is send back

User · Answer

This is code that I have effectively used before  passing     as the strPath parameter   public static Cookie eraseCookie String strCookieName  String strPath        Cookie cookie   new Cookie strCookieName           cookie setMaxAge 0       cookie setPath strPath        return cookie

User · Answer

In my environment  following code works  Although looks redundant at first glance  cookies i  setValue      and cookies i  setPath       are necessary to clear the cookie properly       private void eraseCookie HttpServletRequest req  HttpServletResponse resp        Cookie   cookies   req getCookies        if  cookies    null          for  Cookie cookie   cookies                cookie setValue                  cookie setPath                   cookie setMaxAge 0               resp addCookie cookie

User · Answer

Keep in mind that a cookie is actually defined by the tuple of it s name  path  and domain   If any one of those three is different  or there is more than one cookie of the same name  but defined with paths domains that may still be visible for the URL in question  you ll still see that cookie passed on the request   E g  if the url is  http   foo bar com baz index html   you ll see any cookies defined on bar com or foo bar com  or with a path of     or   baz    Thus  what you have looks like it should work  as long as there s only one cookie defined in the client  with the name  SSO COOKIE NAME   domain  SSO DOMAIN   and path       If there are any cookies with different path or domain  you ll still see the cookie sent to the client   To debug this  go into Firefox s preferences -  Security tab  and search for all cookies with the SSO COOKIE NAME   Click on each to see the domain and path   I m betting you ll find one in there that s not quite what you re expecting

User · Answer

One special case  a cookie has no path   In this case set path as cookie setPath request getRequestURI     The javascript sets cookie without path so the browser shows it as cookie for the current page only  If I try to send the expired cookie with path      the browser shows two cookies  one expired with path      and another one with path    current page

User · Answer

The MaxAge of -1 signals that you want the cookie to persist for the duration of the session  You want to set MaxAge to 0 instead   From the API documentation    A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits  A zero value causes the cookie to be deleted

[java] How do you remove a Cookie in a Java Servlet

Examples related to java

Examples related to servlets

Examples related to cookies