7

I have a cookie which can exist on either of these domains: www.xyz.com or .xyz.com. I am having trouble deleting the cookie through code. Since it can exist on either of the domains, I was assuming that doing the following should be sufficient:

...
cookies.delete cookie  #delete cookie if it exists on current domain(www.xyz.com)
cookies.delete cookie, :domain => :all #delete cookie if it exists on root (.xyz.com)
...

But cookies.delete cookie, :domain => :all seems to be rendering the first call useless: if the cookie is set on www.xyz.com, then it doesn't get deleted.

Any ideas on how to delete a cookie that might exist on two different domains?

shreyj
  • Can it help you? http://stackoverflow.com/questions/5173919/delete-session-cookies-across-multiple-subdomains-in-rails-3 – RAJ Aug 01 '14 at 12:03

2 Answers

6

Well, Rails doesn't allow deleting a cookie with the same name twice during one request, even though they have been set for different domains.

Assuming you are trying to log out, a double redirect is the best I came up with:

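def logout
  # First request: delete the host-only cookie (no domain option).
  cookies.delete(:user_id)
  redirect_to logout_all_path
end

def logout_all
  # Second request: delete the cookie set for the root domain.
  cookies.delete(:user_id, domain: :all)
end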

I don't know whether Rails 6 solved this problem, so a PR wouldn't hurt.

When deleting a cookie, cookies.delete(:user_id) is the same as the explicit form cookies.delete(:user_id, domain: nil).

It is not obligatory to specify the domain in your code.

Nick Roz
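Why a single expiring header leaves one cookie behind, as an added example (not code from the answers or from Rails): a browser stores a host-only cookie and a Domain-scoped cookie of the same name as separate entries, so each needs its own expiring Set-Cookie header. `NameKeyedJar` is a simplified model of the behaviour the answer above describes; it, the toy browser store and all helper names are assumptions.

```ruby
require "time"

EXPIRED = Time.at(0).utc.httpdate

# Build a Set-Cookie value that expires `name`. Without :domain the cookie is
# host-only; with it, the cookie is scoped to that domain and its subdomains.
def expire_header(name, domain: nil, path: "/")
  attrs = ["#{name}=", ("domain=#{domain}" if domain), "path=#{path}",
           "max-age=0", "expires=#{EXPIRED}"]
  attrs.compact.join("; ")
end

# Simplified model (assumption, not Rails source) of a jar that tracks pending
# deletions by cookie name only, so a second delete replaces the first.
class NameKeyedJar
  def initialize
    @deletes = {}
  end
  def delete(name, **opts)
    @deletes[name.to_s] = opts
  end
  def headers
    @deletes.map { |name, opts| expire_header(name, **opts) }
  end
end

# Toy browser store: cookies are identified by [name, domain, path], where
# domain is :host_only when the header carried no Domain attribute.
def apply_headers(store, headers)
  headers.each_with_object(store.dup) do |header, remaining|
    pair, *attrs = header.split("; ")
    a = attrs.to_h { |kv| kv.split("=", 2) }
    remaining.delete([pair.split("=", 2).first, a["domain"] || :host_only, a["path"]])
  end
end

# Constructed sample: the same name stored host-only and on the parent domain.
STORE = [["user_id", :host_only, "/"], ["user_id", "xyz.com", "/"]].freeze

def survivors_with_name_keyed_jar
  jar = NameKeyedJar.new
  jar.delete(:user_id)
  jar.delete(:user_id, domain: "xyz.com")
  apply_headers(STORE, jar.headers)
end

def survivors_with_both_headers
  apply_headers(STORE, [expire_header("user_id"), expire_header("user_id", domain: "xyz.com")])
end
```

Path is part of a cookie's identity as well, so an expiring header must carry the same path the cookie was set with.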
2

I believe you need to be explicit about which domain you're deleting cookies on:

cookies.delete cookie, :domain => "xyz.com"

From the Rails docs, it looks like you can set with domain: :all but not delete.

katzmopolitan