VertX Web not removing cookies

Question

I'm creating cookies in VertX and want to remove them again once a users logs out.

AccountController.handleLogin(vertx, router.post("/login"))

...

fun handleLogin(vertx: Vertx, route: Route) {
    route.handler { rtx ->
            rtx.request().bodyHandler { btx ->
                vertx.executeBlocking<Login>({
                    it.complete(AccountController.login(Json.decodeValue(String(btx.bytes), Login::class.java)))
                }, {
                    if (it.succeeded()) {
                        // set some cookies
                        rtx.addCookie(Cookie.cookie("atom-session", it.result().session).setHttpOnly(true).setSecure(secure))

That cookie can now be seen in Chrome:

When I want to remove that cookie again:

AccountController.handleLogout(vertx, router.post("/logout"))

...

fun handleLogout(vertx: Vertx, route: Route) {
    route.handler { rtx ->
            rtx.request().bodyHandler { btx ->
                vertx.executeBlocking<Logout>({
                    val logout = Json.decodeValue(String(btx.bytes), Logout::class.java)

                    it.complete(AccountController.logout(logout))
                }, {
                    if (it.succeeded()) {
                        log.info("Cookies Will No Be Removed ...")
                        rtx.removeCookie("atom-session")
                        log.info("DONE!")

I can see the messages being printed saying that cookies will be removed, but when I refresh the resources in Chrome, all the cookies that were set on login are still there. including atom-session

Am I doing this wrong or is this a bug in VertX ?

Answer 1

The removeCookie method will remove it from the request object but that does not remove a cookie from a web client. In order to force it to be removed from a client the cookie must be sent back with an expiration date. For example you should do:

rtx.getCookie("atom-session").setMaxAge(0)

This is not a vert.x feature per se, but how cookies work.