Comments on: Click here to delete cookies

Question: Click here to delete cookies

RobotHero — Fri, 12 May 2006 12:26:43 -0800

What code can I include on my site to delete all cookies it has set?

I'm using Drupal on my site, and every once in a while, I can't log in. Asking on the Drupal forums has shown me that the fix (until someone finds the underlying bug that's causing the problem) is to delete the cookie for your site.

I want to provide something for the less technical of my site's members, where I can have a link that says "If you are experiencing this problem, click here" and it will delete all the cookies set by my site. Is this possible?

By: RustyBrooks

RustyBrooks — Fri, 12 May 2006 12:43:38 -0800

I don't know anything about drupal, and I don't know what kind of web server you're using, but it's still possible with some programming.

Every time a user visits any page on your site, they send ALL the cookies that their browser has, which were given to them by your site. This is in the "cookies" header. Whatever server you have, and whatever programming language you have access to, you can grab this header and parse the cookie names out of it. Then, you can re-send the cookies with an immediate expiration time.

The actual details of this are left as an excercise since it'll depend a lot on your platform and programming language. Once you figure out how to grab the actual value of the cookies header, you'll see what I mean, the cookes are "packed" into the cookie header in an easily parseable format.

By: AmbroseChapel

AmbroseChapel — Fri, 12 May 2006 12:56:30 -0800

Rusty's right. To put it in as few words as possible, you can't delete them, but you can expire them.

By: misterbrandt

misterbrandt — Fri, 12 May 2006 12:57:06 -0800

Drupal is PHP-based, I believe. There is a user-contributed "delete all cookies" script at the PHP site:



$cookiesSet = array_keys($_COOKIE);

for ($x = 0; $x < count($cookiesset); $x++) {br>
   if (is_array($_COOKIE[$cookiesSet[$x]])) {

       $cookiesSetA = array_keys($_COOKIE[$cookiesSet[$x]]);

       for ($c = 0; $c < count($cookiesseta); $c++) {br>
           $aCookie = $cookiesSet[$x].'['.$cookiesSetA[$c].']';

           setcookie($aCookie,"",time()-1);

       }

   }

   setcookie($cookiesSet[$x],"",time()-1);

}

So you could wrap that in a function and call it as needed. (please advise if I am glossing over details you need or speaking beneath your skill level here -- you don't indicate your own skillset in the Q. I assume since you are administering a drupal site that you can dabble in PHP) You can also delete all cookies from javascript, but it is preferable to have a server-side method to fall back on.

By: misterbrandt

misterbrandt — Fri, 12 May 2006 12:59:50 -0800

This page has a delete_all_cookies function implemented in Javascript -- down a ways.

By: moift

moift — Fri, 12 May 2006 13:46:03 -0800

time() - 1 isn't reliable from the server side, since the cookie will use at the client's clock setting. Just use a static date several years ago. (Doesn't apply to the javascript solution since it has access to the user's clock.)

By: o2b

o2b — Fri, 12 May 2006 13:50:23 -0800

This page has a number of useful bookmarklets, including "zap cookies", which I use all the time.

By: RobotHero

RobotHero — Fri, 12 May 2006 14:05:12 -0800

I assume since you are administering a drupal site that you can dabble in PHP - misterbrandt

Yes.

I assume I have to use the php code in the header? (Like, I can't just cram it into the middle of my template and expect it to work.)

By: misterbrandt

misterbrandt — Fri, 12 May 2006 14:18:54 -0800

I am not familiar with drupal, so I can't advise whether it is pretty easy to turn that function into a plugin or what. Simplest thing I would do is actually just save it as 'deletecookies.php' in the root of your folder, and then from drupal make a link that says "having trouble logging in? _click here_" pointing that file. You could then add a header("Location: /"); to redirect users to your site root once the cookies are cleared, but theat doesn't give any visual feedback that anything happened. Maybe just have that page display a "all cookies have been cleared! return to the _login page_" message when it is done. (heck, throw a meta-redirect to redirect there automatically after x seconds too)

By: fishfucker

fishfucker — Fri, 12 May 2006 16:15:22 -0800

I assume I have to use the php code in the header? (Like, I can't just cram it into the middle of my template and expect it to work.)

I can't quite recall (and I'm too lazy to look up), that any cookie manipulation in PHP must be done PRE-output -- ie, before you send the headers. And I also believe that you should do a header("location:".$_SERVER["PHP_SELF"]) once you're done twiddling those bits.

however, ymmv, since most of my memory has been pissed away many years ago.

By: misterbrandt

misterbrandt — Fri, 12 May 2006 16:17:55 -0800

I assume I have to use the php code in the header? (Like, I can't just cram it into the middle of my template and expect it to work.)

Yes. You can't do any header() work or set any cookies after output has already been sent.