Click here to delete cookies
May 12, 2006 12:26 PM   Subscribe

What code can I include on my site to delete all cookies it has set?

I'm using Drupal on my site, and every once in a while, I can't log in. Asking on the Drupal forums has shown me that the fix (until someone finds the underlying bug that's causing the problem) is to delete the cookie for your site.

I want to provide something for the less technical of my site's members, where I can have a link that says "If you are experiencing this problem, click here" and it will delete all the cookies set by my site. Is this possible?
posted by RobotHero to Computers & Internet (10 answers total) 1 user marked this as a favorite
 
I don't know anything about drupal, and I don't know what kind of web server you're using, but it's still possible with some programming.

Every time a user visits any page on your site, they send ALL the cookies that their browser has, which were given to them by your site. This is in the "cookies" header. Whatever server you have, and whatever programming language you have access to, you can grab this header and parse the cookie names out of it. Then, you can re-send the cookies with an immediate expiration time.

The actual details of this are left as an excercise since it'll depend a lot on your platform and programming language. Once you figure out how to grab the actual value of the cookies header, you'll see what I mean, the cookes are "packed" into the cookie header in an easily parseable format.
posted by RustyBrooks at 12:43 PM on May 12, 2006


Rusty's right. To put it in as few words as possible, you can't delete them, but you can expire them.
posted by AmbroseChapel at 12:56 PM on May 12, 2006


Drupal is PHP-based, I believe. There is a user-contributed "delete all cookies" script at the PHP site:
$cookiesSet = array_keys($_COOKIE);
for ($x = 0; $x < count($cookiesset); $x++) {br>
   if (is_array($_COOKIE[$cookiesSet[$x]])) {
       $cookiesSetA = array_keys($_COOKIE[$cookiesSet[$x]]);
       for ($c = 0; $c < count($cookiesseta); $c++) {br>
           $aCookie = $cookiesSet[$x].'['.$cookiesSetA[$c].']';
           setcookie($aCookie,"",time()-1);
       }
   }
   setcookie($cookiesSet[$x],"",time()-1);
}
So you could wrap that in a function and call it as needed. (please advise if I am glossing over details you need or speaking beneath your skill level here -- you don't indicate your own skillset in the Q. I assume since you are administering a drupal site that you can dabble in PHP) You can also delete all cookies from javascript, but it is preferable to have a server-side method to fall back on.
posted by misterbrandt at 12:57 PM on May 12, 2006


This page has a delete_all_cookies function implemented in Javascript -- down a ways.
posted by misterbrandt at 12:59 PM on May 12, 2006


time() - 1 isn't reliable from the server side, since the cookie will use at the client's clock setting. Just use a static date several years ago. (Doesn't apply to the javascript solution since it has access to the user's clock.)
posted by moift at 1:46 PM on May 12, 2006


This page has a number of useful bookmarklets, including "zap cookies", which I use all the time.
posted by o2b at 1:50 PM on May 12, 2006


I assume since you are administering a drupal site that you can dabble in PHP - misterbrandt

Yes.

I assume I have to use the php code in the header? (Like, I can't just cram it into the middle of my template and expect it to work.)
posted by RobotHero at 2:05 PM on May 12, 2006


I am not familiar with drupal, so I can't advise whether it is pretty easy to turn that function into a plugin or what. Simplest thing I would do is actually just save it as 'deletecookies.php' in the root of your folder, and then from drupal make a link that says "having trouble logging in? _click here_" pointing that file. You could then add a header("Location: /"); to redirect users to your site root once the cookies are cleared, but theat doesn't give any visual feedback that anything happened. Maybe just have that page display a "all cookies have been cleared! return to the _login page_" message when it is done. (heck, throw a meta-redirect to redirect there automatically after x seconds too)
posted by misterbrandt at 2:18 PM on May 12, 2006


I assume I have to use the php code in the header? (Like, I can't just cram it into the middle of my template and expect it to work.)

I can't quite recall (and I'm too lazy to look up), that any cookie manipulation in PHP must be done PRE-output -- ie, before you send the headers. And I also believe that you should do a header("location:".$_SERVER["PHP_SELF"]) once you're done twiddling those bits.

however, ymmv, since most of my memory has been pissed away many years ago.
posted by fishfucker at 4:15 PM on May 12, 2006


I assume I have to use the php code in the header? (Like, I can't just cram it into the middle of my template and expect it to work.)

Yes. You can't do any header() work or set any cookies after output has already been sent.
posted by misterbrandt at 4:17 PM on May 12, 2006


« Older "Chrono Shift?"   |   Bleeding edge tech blogs? Newer »
This thread is closed to new comments.