Deleting cookies in an HTTP response is primarily done by setting a cookie with the same name and configuring its expiration date to a past date. This causes the browser to delete the cookie upon receiving the response.
For example, to delete a cookie named session_id, you can add the following field to the HTTP response header:
Set-Cookie: session_id=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; HttpOnly
Here is a detailed breakdown:
- Set-Cookie: instructs the browser to set a cookie.
- session_id= sets the cookie name to session_id and its value to empty, which overwrites the existing cookie value.
- Expires=Thu, 01 Jan 1970 00:00:00 GMT; sets the cookie's expiration date to January 1, 1970, a date before the Unix timestamp origin, causing the browser to treat the cookie as expired and delete it immediately.
- Path=/; specifies the cookie's path, which must match the path of the cookie to be deleted. If the path does not match, the cookie will not be deleted correctly.
- HttpOnly indicates that the cookie is accessible only via HTTP(S) and is inaccessible to JavaScript. This option is not mandatory but enhances security.
This method is widely used in web development to ensure that when a user's session is terminated on the server, the corresponding cookie is also deleted from the user's browser.
June 29, 2024 12:07
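The Path-matching rule described above, as an added example that is not part of the original answer: a simplified JavaScript model of a browser cookie store, showing that a deletion header with a non-matching Path leaves the session cookie in place. The function names, the `example.test` host and the `abc123` value are constructed for illustration, and the model ignores Max-Age, Secure and default-path computation.

```javascript
// Added example: constructed, simplified model of a browser cookie store.
// Cookies are keyed by name + domain + path, following RFC 6265's storage model.

// Build the Set-Cookie header that deletes a cookie (hypothetical helper name).
function deletionHeader(name, { path = "/", domain, httpOnly = false } = {}) {
  const parts = [`${name}=`, "Expires=Thu, 01 Jan 1970 00:00:00 GMT", `Path=${path}`];
  if (domain) parts.push(`Domain=${domain}`);
  if (httpOnly) parts.push("HttpOnly");
  return parts.join("; ");
}

// Parse "name=value; Attr=val; Flag" into an object (assumption: Path defaults to "/").
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/", domain: null, expires: null };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "path") cookie.path = val;
    else if (key === "domain") cookie.domain = val.toLowerCase();
    else if (key === "expires") cookie.expires = new Date(val);
  }
  return cookie;
}

// Apply one Set-Cookie header received from `host` to the jar (a Map).
function applySetCookie(jar, header, host, now = new Date()) {
  const c = parseSetCookie(header);
  const key = `${c.name}|${c.domain ?? host}|${c.path}`;
  if (c.expires && c.expires <= now) jar.delete(key); // expired: evict only the matching entry
  else jar.set(key, c.value);
  return jar;
}

// Constructed scenario: the session cookie was originally issued with Path=/app.
function demo() {
  const jar = new Map();
  applySetCookie(jar, "session_id=abc123; Path=/app; HttpOnly", "example.test");
  applySetCookie(jar, deletionHeader("session_id", { path: "/", httpOnly: true }), "example.test");
  const afterWrongPath = jar.size; // Path=/ names a different cookie, so nothing is removed
  applySetCookie(jar, deletionHeader("session_id", { path: "/app", httpOnly: true }), "example.test");
  return { afterWrongPath, afterRightPath: jar.size };
}
```

When a logout handler clears cookies, it should reuse the same Path and Domain values the cookie was issued with, otherwise the session identifier stays in the browser after the server-side session is gone.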