Wednesday, July 11, 2012

Domain, subdomain and deleting cookies

I was trying to delete with server-side code (C#) a mix of cookies types: some had the domain as the sub-domain, others had just the base domain without the sub-domain prefix. I wasn't able to delete the cookies of the base domain, since the running domain was the sub-domain. (Also, in C#, the cookie domain was null, so I had to use the request domain)
  This is what I did: I set pairs of expired cookies:

Func getBaseDomain = (someDomain) =>  System.Text.RegularExpressions.Regex.Replace(someDomain, @"(.+)((:?\..+){2,4})", "$2");

                    var responseCookie = new HttpCookie(cookieName);
                    responseCookie.Domain = Request.Url.Host;                  
                    responseCookie.Expires = DateTime.Now.AddYears(-1);

                    // try also to issue an expired cookie - to 'remove it'
                    // like - the one before but
                    // with the base domain. That is, without the sub-domain prefix.
                    // The cookie can only be deleted
                    // if the domain in the response matches exactly that
                    // assumed by the browser.

                    var responseCookie2 = new HttpCookie(cookieName);
                    responseCookie2.Domain = getBaseDomain(Request.Url.Host);
                    responseCookie2.Expires = DateTime.Now.AddYears(-1);


No comments: