Since GDPR we all have cookie preferences and obliged to remove cookies if user withdraw their consent. However, if you have Google Analytics (www.googletagmanager.com/gtag) and clean cookies on a button press event, you can find out after page reload that you still have some GA cookies like _gali and _ga_XXXXXX. So, the question is how to kill these?
Apparently GA sets some cookies on document unload (or beforeunload) event. So if you clean up on unload event it works then:
function removeAllCookies() {
document.cookie.split( ";" ).forEach( cookie => {
const [ name ] = cookie.split( "=" );
document.cookie = name + `=; path=/; domain=.YOUR-DOMAIN.com;expires=Thu, 01 Jan 1970 00:00:00 GMT`;
document.cookie = name + "=; path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT";
});
}
window.addEventListener("unload", () => removeAllCookies() );
Related
I'm trying to delete a cookie in Android Chrome (latest version).
DevTools (phone connected to PC via USB) shows the following cookies when I navigate my phone to www.domain.com/admin/clearcookies:
Name Value Domain Path Expires
data-cookie-name foo www.domain.com / 2020-09-16T07:57:01.000Z
data-cookie-name bar .domain.com / 2021-03-24T09:03:04.000Z
On page load I run the following javascript:
function deleteOldWwwScopedCookiesThatWereConflictingWithNewNonWwwCookiesThatISwitchedToBecauseOfLanguageSubdomains()
{
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i];
var eqPos = cookie.indexOf("=");
var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
var tmp = name + "=;domain=www.domain.com;expires=Thu, 01 Jan 1970 00:00:00 GMT";
console.log(tmp);
document.cookie = tmp;
}
}
deleteOldWwwScopedCookiesThatWereConflictingWithNewNonWwwCookiesThatISwitchedToBecauseOfLanguageSubdomains();
I reload the page nummerous times, and see the console correctly output
data-cookie-name=;domain=www.domain.com;expires=Thu, 01 Jan 1970 00:00:00 GMT
There's no errors in the console.
But if I view the page request in the network tab I get the same cookies listed as above.
I've tried a couple of variations as well:
dropping the domain: data-cookie-name=;expires=Thu, 01 Jan 1970 00:00:00 GMT
adding a path: data-cookie-name=;domain=www.domain.com;path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT
No dice.
Nothing I seem to try will get rid of this unwanted cookie that is overriding the .domain.com one.
What am I doing wrong? Please!
I think what I needed was a combination of the two alternatives that I'd tried.
Adding a path AND dropping the domain:
data-cookie-name=;path=/;expires=Thu, 01 Jan 1970 00:00:00 GMT
I've no idea why it's important to NOT specify the domain. Can anyone explain?
I have a div with a Welcome message that shows up before the index page and I want that div to appear only once per session.
How would I set a cookie to show a div only once?
I never used cookies before for something like this, normally I would use Local Storage but this website is visited frequently by older browsers and that's a problem.
You may take a look at the documentation of the document.cookie and more specifically example 3:
if (document.cookie.replace(/(?:(?:^|.*;\s*)someCookieName\s*\=\s*([^;]*).*$)|^.*$/, "$1") !== "true") {
alert("Do something here!");
document.cookie = "someCookieName=true; expires=Fri, 31 Dec 9999 23:59:59 GMT; path=/";
}
In this example the cookie is created with expires flag meaning that it will be persistent and survive browser restarts. If you want to perform the action only once per browser session simply remove the expires flag when setting the cookie:
if (document.cookie.replace(/(?:(?:^|.*;\s*)someCookieName\s*\=\s*([^;]*).*$)|^.*$/, "$1") !== "true") {
alert("Do something here!");
document.cookie = "someCookieName=true; path=/";
}
I'd like to create a cookie that expires within 5 minutes of the user visiting my page.
I know about add_cookie() function, but have no idea how to set it to expire.
You can set cookies in the scripts/response_main.ts file as such:
set_cookie("cookie_name", "cookie_val")
cookie("cookie_name") {
cookie.expires("Wed, 09 Jun 2021 10:18:14 GMT")
}
Check out this link for more info.
I am running IE6 from 6.0.3790 (hosted on Citrix Server).
In Logoff we have expired the cookie using
curDate.setTime(curDate.getTime() - 24 * 60 * 60 * 1000);
document.cookie = name + "=; expires=" + curDate.toGMTString() + "; path=/; domain=" + cookieDomain;
where name is the name of cookie.
Problem is with this browser the cookie never expr
Don't use relative date/times for the expiration value. It's safer to use an absolute one like expires=Thu, 01-Jan-1970 00:00:01 GMT;. You're depending on the client's clock to be reasonably accurate, which isn't always the case.
As well, the domain and path settings have to be identical to what they were went the cookie was originally set.
It's also best to set the cookie's value to something obvious, like "deleted", rather than a blank value (name=), in case the browser interprets the lack of a value as "nothing should be changed".
All,
Although I see related topics on the forum, but I don't see a clear solution on this issue.
I am trying to set a javax.servlet.http.Cookie with an expiration time (so that it persists across browser sessions). Code:
public void respond(HttpServletRequest req, HttpServletResponse resp) {
int expiration = 3600;
Cookie cookie = new Cookie("TestCookie", "xyz");
cookie.setDomain("");
cookie.setVersion(0);
cookie.setPath("/");
cookie.setMaxAge(expiration);
cookie.setSecure(false);
resp.addCookie(cookie);
}
I don't see this cookie being set when I check in IE developer tools. Searching on the internet gave me clues that IE doesn't consider Max-Age, but only works with Expires. If this does not work for IE, then is there a proven way of setting the HTTP response headers for a persistent cookie so that it works for IE?
PS: This works fine on all other browsers.
I tried creating a string for the cookie having expires attribute. IE succeeded in creating it, but it lost the domain (default - "") and showed ".com" and turned it into a session cookie instead of a persistent cookie. This again works fine on all other browsers.
Please help.
Thanks.
Working with IE9, I found that it was the HttpOnly attribute that was required in order to get it to echo the cookie value on subsequent posts, e.g:
Set-Cookie: autologCk1=ABCD; Path=/autolog/; HttpOnly
The answer is at Persistent cookies from a servlet in IE.
Your case may be a different flavour of the same issue: that is, by prefixing the domain with a "." (which I'm pretty sure is a version 1 cookie feature), something in the Java stack decides it's a version 1 cookie (unrecognized and not persisted by IE, even IE8) and sends that cookie format.
Or, as that answer suggests, is there something in your cookie value that contains an unrecognized character?
As javax.servlet.http.Cookie does not allow you to set Expires attribute to the cookie, you should set it manually.
You also need to know that Expires must be specified in the form of Wdy, DD Mon YYYY HH:MM:SS GMT following RFC-2616 Full Date section (more info).
In Java you can do it this way:
public void respond(HttpServletRequest req, HttpServletResponse resp) {
int expiration = 3600;
StringBuilder cookie = new StringBuilder("TestCookie=xyz; ");
DateFormat df = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss 'GMT'", Locale.US);
Calendar cal = Calendar.getInstance();
cal.add(Calendar.SECOND, 3600);
cookie.append("Expires=" + df.format(cal.getTime()) + "; ");
cookie.append("Domain=; ");
cookie.append("Version=0; ");
cookie.append("Path=/; ");
cookie.append("Max-Age=" + expiration + "; ");
cookie.append("Secure; ");
resp.setHeader("Set-Cookie", cookie.toString());
}