The moose likes Servlets and the fly likes How to delete a cookie from Request (age old question never answered) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to delete a cookie from Request (age old question never answered)" Watch "How to delete a cookie from Request (age old question never answered)" New topic

How to delete a cookie from Request (age old question never answered)

craig motell

Joined: Oct 03, 2008
Posts: 6
Several questions have been asked on how to delete a cookie from the request that a servlet send to a client web page.
Below is my code snipet which doesn't work as in all the other email's on this site concerning this subject (taken from Hans Bergen blog page):

Funny thing was that the cookie I wanted to delete it didn't original exist until I tried to delete it. Below is the output my code snippet:

Request headers:
accept : image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/, application/xaml+xml, application/, application/, application/msword, */*
referer : http://localhost:8084/timezone/TimetoolController?option=byCookie&action=debug
accept-language : en-us
user-agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; InfoPath.2; .NET4.0C; .NET4.0E)
accept-encoding : gzip, deflate
host : localhost:8084
connection : Keep-Alive
cookie : JSESSIONID=A6380E54D89C586D0F597A5E239F2E3A; timezone2="America/Indiana/Indianapolis"; timezone3="America/Dawson"; timezone4="Africa/Accra"; timezone5="America/Atka"; timezone6="Europe/Stockholm"; timezone8="US/Hawaii"; timezone9="Africa/Banjul"

JSESSIONID : A6380E54D89C586D0F597A5E239F2E3A
timezone2 : America/Indiana/Indianapolis

The cookie called timezone2 was only in my cookie after I tried to delete.

Several approaches have discussed how to delete cookies (see other post like "Cookies being read after deleting", etc").

like adding


the thinking is that is cookie is also defined by its path, domain and perhaps even comment.
But this still doesn't do the trick.

As any one ever resolved this?

Mahalo, Max
Malatesh Karabisti
Ranch Hand

Joined: Jul 28, 2010
Posts: 153

if you set cookie expire time properly they will automatically disappears once particular time is elapsed. For what purpose you want delete the cookies is there any genuine reason or just for exploring

Cookies are made to hold the session id, It is the containers which uses the cookies to bind between session object and particular client. that means when the container receives first request from the client then in the response, session id will be added and this session id will be saved in the cookies in the client machine. then in the next request from the client. the browser adds the cookies in the request before submitting the request to the server. Again the cycle repeats container finds the session id in the cookie and binding happens between session object and the client.

I hope that helps and java experts correct me if I am wrong.
lokesh pattajoshi
Ranch Hand

Joined: Jul 29, 2009
Posts: 130
To delete a cookie you need to set the same 'namespace' as the existing cookie. The namespace is composed of domain, path and protocol (secure/non-secure). These values are only stored on the client side. The browser requires these information to select all the cookies which suits the HTTP request. Domain, path and protocol must match or it will be treat as 2 different cookies even if the name is equal.

Cookie1 name=mycookie path=/
Cookie2 name=mycookie path=/

The 2 cookies have the same name, but use a different domain.
Cookie1 will be sent only to server
Cookie2 will be sent to all server within the domain *

If you want to set/delete Cookie2 you need to set domain (by default it is set to the hostname).

The above solution works fine if you work with the default values (path=/ domain=hostname) or leave it blank. If not you need to set the correcsponding values manually.

The problem is you can't find out the 'namespace' of a cookie on the server side. The browser uses this information only to select the matching cookies, but doesn't send the information about the namespace.

myCookie.getDomain() and myCookie.getPath() will always return 'blank'.

To delete a cookie you need to know this information or you will just try to delete a cookie, which doesn't exist.

Hope this helps
craig motell

Joined: Oct 03, 2008
Posts: 6
thanks for the reply by Lokesh and Malatsh:

First, why do I want to delete cookies. I'm allowing the user to set the timezones they want to view in my time zone conversion tool. I will attach screen shoot. I want to say the user's preferences. Because
the perferences are a funciton of user name, then using either session scope or application scope is NOT appropriate (at least my view). Better would be to save the perferences in either property file or DB. But if can use cookies then would be simple.

Some interesting comments by both. I modified my code to (1) try and set path, domain, etc and (2) view these settings. But as mentioned in the reply I don't can print out what the client is saving for the domain and path.

Ok, code below shows what I'm trying to do. Set name, value, path, domain and secure attributes of cookie then delete it. Still can't delete. I also included a printout of my results below:

The output of this code is:

So even if I set path and domain, I can't confirm what my "domain name space" is for a cookie.

Let me ask, can somebody send me some code snippet where they actually deleted a cookied when view with Internet Explorer?


[Thumbnail for timezone.PNG]

I agree. Here's the link:
subject: How to delete a cookie from Request (age old question never answered)
It's not a secret anymore!