Destroy cookie NodeJs

I am using Cookies module for setting cookie. Here is following my code:

var options = {
    maxAge: ALMOST_ONE_HOUR_MS,
    domain: '.test.com',
    expires: new Date(Date.now() + ALMOST_ONE_HOUR_MS)
};
var value = userInfo.token;
cookies.set("testtoken", value, options);

But in documentation I haven't found how to destroy this cookie.

Any suggestion would be appreciated.

For webapp you can just set cookie in response as :

res.cookie("key", value);

and to delete cookie : Ref: https://expressjs.com/en/api.html#res.clearCookie

res.clearCookie("key");

and don't forget to:

res.end()

to avoid the web request hanging.

There is no way to delete a cookie according to the HTTP specification. To effectively "delete" a cookie, you set the expiration date to some date in the past. Essentially, this would result in the following for you (according to the cookies module documentation):

cookies.set('testtoken', {maxAge: 0});

Or according to the HTTP specification:

cookies.set('testtoken', {expires: Date.now()});

Both of which should work. You can replace Date.now() with new Date(0) for a really old date.

While one other answer is correct, deleting a cookie from an express.js webapp is done by invocing the following method:

res.clearCookie("key");

But there's a caveat!

Your cookie options (except expires) need to be the same as when you set it. Otherwise browsers will NOT remove the cookie. So use the same domain, security setting etc. (reference: https://expressjs.com/en/4x/api.html#res.clearCookie)

I'm using this with cookie-parser module:

router.get('/logout', function(req, res){
    cookie = req.cookies;
    for (var prop in cookie) {
        if (!cookie.hasOwnProperty(prop)) {
            continue;
        }    
        res.cookie(prop, '', {expires: new Date(0)});
    }
    res.redirect('/');
});

To delete any http cookie if we just try to clear it from response [using res.clearCookie("key")], it is definitely not going to work. In reality, to delete http cookie, domain and path are very important.

Domain and path define the scope of the cookie. In face, they essentially tell the browser what website the cookie belongs to. Sending the same cookie value with ; expires appended is also a bad idea since you want the content to be destroyed, but that is not going to happen.

The best idea would be invalidating the cookie by setting the value to empty and include an expires field as well like below:

res.cookie("key","empty the key content", {expires:old date, domain:'.example.com', path:'/'});

res.cookie("token", "", { expires: new Date(0),domain:'.test.com', path: '/' });

Hope this helps!!!

I was going through the same problem a few days ago. After discussing it with a friend, I think this is the best solution.

res.setHeader('set-cookie', 'mycookie=; max-age=0');

Advantages:

• only use node
• simple to understand

credits: @andy

I am using cookie-parser as well, and upper answers lead me to the solution. In my case I needed to add overwrite: true as well, otherwise new cookie key was added.

So my final solution looks like:

res.cookie('cookieName', '', {
      domain: 'https://my.domain.com',
      maxAge: 0,
      overwrite: true,
    });

When using in production with SSL, you need to specify the domain. This domain must correspond to the one, which is used to store the cookie!

For example:

res.clearCookie('sid', {domain: ".somedomain"})

I have tried all the solutions, and none worked until I found this one.

1. I set up my cookie like this:

res.writeHead(200, {
   "Set-Cookie": `token=${accessToken}; HttpOnly; path=/`,
   "Access-Control-Allow-Credentials": "true",
});

res.end();

2. Then destroyed it like this:

res.writeHead(200, {
    "Set-Cookie": `token=; HttpOnly; path=/; max-age=0`,
});
res.end();

Another way to destroying cookies from the server. Just set negative integer as a maxAge. One more thing that keep in mind, don't forget to set a path when will set or destroy cookie.

The Best way to doing this

before you set the like token you should remove that first like that

res.clearCookie('token');
res.cookie('token',token, { maxAge: 900000, httpOnly: true });