Clear cookies on browser close - cookies

How to clear the cookies that has been stored through my asp.net mvc(C#) application, when the user closes the browser?
Is there any option to create a cookie such that it expires once the browser closed?
I need to use cookies, because i will store some of the values to be maintained until the browser is closed.
For example, During sign in i may store the userid in cookie, which i can use for my application processes till the bwoser closes.
Session will expire after some particular time, which i need to overcome with using cookies

Sessions are usualy used for this. According to Wikipedia, when no expiration date is set, a cookie is cleared when the user closes the browser.
The cookie setter can specify a deletion date, in which case the cookie will be removed on that date. If the cookie setter does not specify a date, the cookie is removed once the user quits his or her browser.

As mentioned in this SO question:
Response.Cookies("cookie_name").Expires = Session.Timeout;

you can use this script and call it in the body tag
<body onunload="dc()">
</body>
<script type="text/javascript">
function dc(){
document.cookie = 'access=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}
</script>

When I set my cookie to expire in the past or did not set it at all, it caused by SSO login to get into an infinite loop with my site. Probably I configured my site wrong to work with the SSO login.
But what worked for me was just adding 2 seconds to the cookie expiration time.
trackCookie.Expires = DateTime.Now.AddSeconds(2);
This gives the cookie the validity on login. And expires it soon after. So on close of the browser, the cookie is deleted.

Related

What happen if Cookie 'Expires/Max-Age' is 'N/A' or not set

I tried to increase the cookie expiry time and activated sliding expiry.
But the cookie expiry is still "N/A"
what problems will it cause, why expiry is not shown. In this case what will happen to cookie. when will it expire.
It means the cookie will expire at the end of the session (when the browser closes, but not always).
When user privacy is a concern, It is important that any web app
implementation will invalidate cookie data after a certain timeout and
won't rely on the browser clearing session cookies.
One of the most beloved features of Firefox prevents session cookies from ever
expiring. The same issue is also occuring with google chrome (and
probably with other browsers offering similar features)

gmail for business session cookie not persisting

When I'm logged in to a google account, site responses contain this cookie:
set-cookie:SIDCC=xxx; expires=Mon, 27-Nov-2017 06:12:16 GMT; path=/; domain=.google.com; priority=high
However when I restart Chrome and visit same site, no cookie is sent. Why is that? I thought that expires makes it persistent.
There and multiple cookies are generated by the server and cookies are stored on the browser.
There are few cookies are having the short expiry and some have the long expiry. If cookie gets expired (deleted from the browser) then the browser will not append that cookie in the request. So sever again set the cookie on the browser.
Since cookie are generated by the server and cookies are used by the server so whenever the server wants to set cookie it can change. Usually, some cookies are persistent and some are not persistent always.
So there will be a case some cookie is stored for a long time duration but server used to the keep on changing. So, In that case, it will set the cookie again.
As per your example, this SIDCC cookie is used by the google apps. So this cookie is kept on changing the other cookie like SID and HSID are not changing on browser reopen. There few cookies like NID, SAPISID, and Compass is also changing. The SAPISID is changing after the few transaction or after a particular transaction.

Django delete all cookies for all users

I have the django view to set the value in cookies 'no_show_dialog' when a user clicks 'Don't remind me anymore' in the modal dialog.
Now i changed that dialog completely and want to reset that cookie for all users, so they will have to see it again at least once.
I know there is a way to delete the cookie in a view for a particular user:
response.delete_cookie('no_show_dialog')
But how to loop over all users and remove that cookie once?
You can't do that. Cookies are stored on the client; the only time you have access to them is when the particular browser makes a request and receives the response.
The best thing to do here is to simply use a different name for the cookie from now on. This will ensure that no users will have it set initially. Alternatively you might consider using the session for future settings.
As Daniel said you cannot delete all cookies in response as they are stored on client side.
In Django you create a response object for a particular request object in your views. Which means that you can only delete a cookie for that particular request and not for all the requests that was served by your Django server.
What you can do here is set expiry time for a cookie by using max_age as keyword argument in set_cookie method For Example :
response = HttpResponse('your response')
response.set_cookie('user_id', user_id, max_age=30)
return response
This will expire the cookie after the specified time for every client.

Session cookie that expires

Is it possible to have a session cookie that expires? Ie. I want the cookie to last maximum 30 minutes, but also get deleted if the user closes his browser. Workarounds are also welcome.
Tried the max-age setting, but that made it not delete when the browser ends.
As far as I know, you can't do both in one cookie. It's one or the other, so either:
set the max-age to 30 minutes to create a persistent cookie; or
don't set the max-age to create a session cookie.
What you could do, however, is create both a session cookie and a 30 minute persistent cookie with different names, and then base your session handling on the presence of both cookies.

Get cookie according to domain

I want to reset all previous cookie for particular domain.
Is there any way so I can get all the cookie for particular domain? Right now cookie I have cookies for google and my site. I want cookies only for my site.
Expiring ( removing ) a cookie uses the same command as creating a cookie. The cookie value is left blank and the expiration time needs to be in the past.
To expire the cookie ‘mycookie’ use:
setcookie('mycookie','',1);
To retrieve cookie information, use:
// Print a cookie
echo $_COOKIE["mycookie"];
// View all cookies
print_r($_COOKIE);
You cannot get any more information than the information you store in the cookie. The cookie is not stored on the server, but on the client computer, that is the immediate reason why you can't get more information about the cookie.
I hope this is sufficient information to be an answer to you.