Home » Nodejs » Destroy cookie NodeJs

Destroy cookie NodeJs

Posted by: admin November 30, 2017 Leave a comment

Questions:

I am using Cookies module for setting cookie. Here is following my code:

var options = { maxAge: ALMOST_ONE_HOUR_MS,
                                domain: '.test.com',
                                expires: new Date(Date.now() + ALMOST_ONE_HOUR_MS)
                              };
                var value = userInfo.token;
                cookies.set( "testtoken", value, options );

But in documentation i haven’t found how to destroy this cookie.

Any suggestion would be appreciated.

Answers:

For webapp you can just set cookie in response as :

res.cookie("key", value);

and to delete cookie :

res.clearCookie("key");

Questions:
Answers:

There is no way to delete a cookie according to the HTTP specification. To effectively “delete” a cookie, you set the expiration date to some date in the past. Essentially, this would result in the following for you (according to the cookies module documentation):

cookies.set('testtoken', {maxAge: Date.now()});

Or according to the HTTP specification:

cookies.set('testtoken', {expires: Date.now()});

Both of which should work. You can replace Date.now() with new Date(0) for a really old date.

Questions:
Answers:

I’m using this with cookie-parser module:

router.get('/logout', function(req, res){
    cookie = req.cookies;
    for (var prop in cookie) {
        if (!cookie.hasOwnProperty(prop)) {
            continue;
        }    
        res.cookie(prop, '', {expires: new Date(0)});
    }
    res.redirect('/');
});

Questions:
Answers:

To delete any http cookie if we just try to clear it from response [using res.clearCookie(“key”)], it is definitely not going to work. In reality, to delete http cookie, domain and path are very important.

Domain and path define the scope of the cookie. In face, they essentially tell the browser what website the cookie belongs to.
Sending the same cookie value with ; expires appended is also a bad idea since you want the content to be destroyed, but that is not going to happen.

The best idea would be invalidating the cookie by setting the value to empty and include an expires field as well like below:

res.cookie(“key”,”empty the key content”, {expires:old date, domain:’.example.com’, path:’/’});

res.cookie(“token”, “”, { expires: new Date(0),domain:’.test.com’, path: ‘/’ });

Hope this helps!!!

Questions:
Answers:

I realized after a long and annoying time that my front end was not sending the cookie to the end point were I was trying to clear the cookie…

On the server:

function logout(req, res) {
  res.clearCookie('mlcl');
  return res.sendStatus(200);
}

And on the front end,

fetch('/logout', { method: 'POST', credentials: 'same-origin' })

adding the “credentials: ‘same-origin'” is what made the clearCookie work for me. If the cookie is not being sent, it has nothing to clear.

I hope this helps. I wish I had found this earlier…

Questions:
Answers:

While one other answer is correct, deleting a cookie from an express.js webapp is done by invocing the following method:

res.clearCookie("key");

But there’s a caveat!

Your cookie options (except expires) need to be the same as when you set it. Otherwise browsers will NOT remove the cookie. So use the same domain, security setting etc.