Ad

How Do You Delete Wild Card Cookies In Rails?

- 1 answer

How do you delete a cookie in rails that was set with a wild card domain:

cookies[:foo] = {:value => 'bar', :domain => '.acme.com'}

When, following the docs, you do:

cookies.delete :foo

the logs say

Cookie set: foo=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT

Notice that the domain is missing (it seems to use the default params for everything). Respecting the RFC, of course the cookie's still there, Browser ->ctrl/cmd-L ->

javascript:alert(document.cookie);

Voilà!

Q: What's the "correct" way to delete such a cookie?

Ad

Answer

Pass the :domain on delete as well. Here's the source of that method:

# Removes the cookie on the client machine by setting the value to an empty string
# and setting its expiration date into the past.  Like []=, you can pass in an options
# hash to delete cookies with extra data such as a +path+.
def delete(name, options = {})
  options.stringify_keys!
  set_cookie(options.merge("name" => name.to_s, "value" => "", "expires" => Time.at(0)))
end

As you can see, it just sets an empty cookie with the name you gave, set to expire in 1969, and with no contents. But it does merge in any other options you give, so you can do:

cookies.delete :foo, :domain => '.acme.com'

And you're set.

Ad
source: stackoverflow.com
Ad