Win a copy of Escape Velocity: Better Metrics for Agile Teams this week in the Agile and Other Processes forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Paul Clapham
  • Jeanne Boyarsky
  • Ron McLeod
  • Frank Carver
  • Junilu Lacar
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
  • Piet Souris
  • Frits Walraven
  • fred rosenberger

How to delete a cookie from Request (age old question never answered)

Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Several questions have been asked on how to delete a cookie from the request that a servlet send to a client web page.
Below is my code snipet which doesn't work as in all the other email's on this site concerning this subject (taken from Hans Bergen blog page):

Funny thing was that the cookie I wanted to delete it didn't original exist until I tried to delete it. Below is the output my code snippet:

Request headers:
accept : image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/, application/xaml+xml, application/, application/, application/msword, */*
referer : http://localhost:8084/timezone/TimetoolController?option=byCookie&action=debug
accept-language : en-us
user-agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; InfoPath.2; .NET4.0C; .NET4.0E)
accept-encoding : gzip, deflate
host : localhost:8084
connection : Keep-Alive
cookie : JSESSIONID=A6380E54D89C586D0F597A5E239F2E3A; timezone2="America/Indiana/Indianapolis"; timezone3="America/Dawson"; timezone4="Africa/Accra"; timezone5="America/Atka"; timezone6="Europe/Stockholm"; timezone8="US/Hawaii"; timezone9="Africa/Banjul"

JSESSIONID : A6380E54D89C586D0F597A5E239F2E3A
timezone2 : America/Indiana/Indianapolis

The cookie called timezone2 was only in my cookie after I tried to delete.

Several approaches have discussed how to delete cookies (see other post like "Cookies being read after deleting", etc").

like adding


the thinking is that is cookie is also defined by its path, domain and perhaps even comment.
But this still doesn't do the trick.

As any one ever resolved this?

Mahalo, Max
Ranch Hand
Posts: 153
Oracle Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
if you set cookie expire time properly they will automatically disappears once particular time is elapsed. For what purpose you want delete the cookies is there any genuine reason or just for exploring

Cookies are made to hold the session id, It is the containers which uses the cookies to bind between session object and particular client. that means when the container receives first request from the client then in the response, session id will be added and this session id will be saved in the cookies in the client machine. then in the next request from the client. the browser adds the cookies in the request before submitting the request to the server. Again the cycle repeats container finds the session id in the cookie and binding happens between session object and the client.

I hope that helps and java experts correct me if I am wrong.
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To delete a cookie you need to set the same 'namespace' as the existing cookie. The namespace is composed of domain, path and protocol (secure/non-secure). These values are only stored on the client side. The browser requires these information to select all the cookies which suits the HTTP request. Domain, path and protocol must match or it will be treat as 2 different cookies even if the name is equal.

Cookie1 name=mycookie path=/
Cookie2 name=mycookie path=/

The 2 cookies have the same name, but use a different domain.
Cookie1 will be sent only to server
Cookie2 will be sent to all server within the domain *

If you want to set/delete Cookie2 you need to set domain (by default it is set to the hostname).

The above solution works fine if you work with the default values (path=/ domain=hostname) or leave it blank. If not you need to set the correcsponding values manually.

The problem is you can't find out the 'namespace' of a cookie on the server side. The browser uses this information only to select the matching cookies, but doesn't send the information about the namespace.

myCookie.getDomain() and myCookie.getPath() will always return 'blank'.

To delete a cookie you need to know this information or you will just try to delete a cookie, which doesn't exist.

Hope this helps
craig motell
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks for the reply by Lokesh and Malatsh:

First, why do I want to delete cookies. I'm allowing the user to set the timezones they want to view in my time zone conversion tool. I will attach screen shoot. I want to say the user's preferences. Because
the perferences are a funciton of user name, then using either session scope or application scope is NOT appropriate (at least my view). Better would be to save the perferences in either property file or DB. But if can use cookies then would be simple.

Some interesting comments by both. I modified my code to (1) try and set path, domain, etc and (2) view these settings. But as mentioned in the reply I don't can print out what the client is saving for the domain and path.

Ok, code below shows what I'm trying to do. Set name, value, path, domain and secure attributes of cookie then delete it. Still can't delete. I also included a printout of my results below:

The output of this code is:

So even if I set path and domain, I can't confirm what my "domain name space" is for a cookie.

Let me ask, can somebody send me some code snippet where they actually deleted a cookied when view with Internet Explorer?

[Thumbnail for timezone.PNG]
Sample time zone selection set with cookies
Where all the women are strong, all the men are good looking and all the tiny ads are above average:
the value of filler advertising in 2021
    Bookmark Topic Watch Topic
  • New Topic