New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deleting cookie from $cookies doesn't delete cookie in IE #3988

Closed
jnizet opened this Issue Sep 12, 2013 · 5 comments

Comments

Projects
None yet
4 participants
@jnizet
Copy link
Contributor

jnizet commented Sep 12, 2013

Here's the situation:

The application is served from the root of a web server.
The index.html doesn't have a <base> tag. The server sets a session cookie named XSRF-TOKEN with a path set to /. This cookie is visible by the JS code, and is present in the $cookies object. But calling delete $cookies['XSRF-TOKEN'] or $cookies['XSRF-TOKEN'] = undefined does not delete the cookie from the browser.

If, in debug mode, I set the cookiePath variable to '/' (in angular.js, in the cookies API), then the cookie is deleted.

If I add a <base href="/" /> to index.html, then the cookie is also deleted (but I don't see why I would need a base tag when the app is served from the root).

If I don't set the path of the cookie to /, it isn't visible from JavaScript.

If I change the following line in angular.js :

rawDocument.cookie = escape(name) + "=;path=" + cookiePath + ";expires=Thu, 01 Jan 1970 00:00:00 GMT";

to

rawDocument.cookie = escape(name) + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT"; 

then the cookie is deleted. But I'm not sure what the goal and importance of the path attribute is in this line.

This is with angular 1.2.0-rc.1.

@jnizet

This comment has been minimized.

Copy link
Contributor Author

jnizet commented Sep 12, 2013

Workaround: if I don't set the cookie in the response, from the server, but simply return it as part of the response body (in JSON), and then create the cookie in the browser, using $cookies, everything works fine.

@petebacondarwin

This comment has been minimized.

Copy link
Member

petebacondarwin commented Sep 16, 2013

IE has some funny things going on with cookies. Can you confirm if the problem exists in other browsers?

@jnizet

This comment has been minimized.

Copy link
Contributor Author

jnizet commented Sep 16, 2013

I haven't reproduced it with Chrome and Firefox. I haven't tested with other ones.

@saulovenancio

This comment has been minimized.

Copy link

saulovenancio commented May 26, 2014

Can some one help with this problem.
It is not deleting cookie on Chrome iether.
I try to delete it using $cookies and also $cookieStore and it is not removing it.
If i try to use both of these commands and then retrieve document.cookie
the cookie is still there.
Is there any reason for that?
Thanks for responses.

@khaledmasud82

This comment has been minimized.

Copy link

khaledmasud82 commented May 27, 2014

Check out the link below
https://code.google.com/p/selenium/issues/detail?id=5101
In which project member states, that:

httpOnly cookies can not be deleted. In some cased httpOnly cookie set true by default. Changed this to false and then try to delete cookies.

shahata added a commit to shahata/angular.js that referenced this issue Jan 5, 2015

shahata added a commit to shahata/angular.js that referenced this issue Feb 28, 2015

shahata added a commit to shahata/angular.js that referenced this issue Feb 28, 2015

shahata added a commit to shahata/angular.js that referenced this issue Feb 28, 2015

shahata added a commit to shahata/angular.js that referenced this issue Mar 1, 2015

shahata added a commit to shahata/angular.js that referenced this issue Mar 1, 2015

shahata added a commit to shahata/angular.js that referenced this issue Mar 2, 2015

feat($cookies): allow passing cookie options
The `put`, `putObject` and `remove` methods now take an options parameter
where you can provide additional options for the cookie value, such as `expires`,
`path`, `domain` and `secure`.

Closes angular#8324
Closes angular#3988
Closes angular#1786
Closes angular#950

shahata added a commit to shahata/angular.js that referenced this issue Mar 2, 2015

feat($cookies): allow passing cookie options
The `put`, `putObject` and `remove` methods now take an options parameter
where you can provide additional options for the cookie value, such as `expires`,
`path`, `domain` and `secure`.

Closes angular#8324
Closes angular#3988
Closes angular#1786
Closes angular#950

shahata added a commit to shahata/angular.js that referenced this issue Mar 2, 2015

feat($cookies): allow passing cookie options
The `put`, `putObject` and `remove` methods now take an options parameter
where you can provide additional options for the cookie value, such as `expires`,
`path`, `domain` and `secure`.

Closes angular#8324
Closes angular#3988
Closes angular#1786
Closes angular#950

shahata added a commit to shahata/angular.js that referenced this issue Mar 2, 2015

feat($cookies): allow passing cookie options
The `put`, `putObject` and `remove` methods now take an options parameter
where you can provide additional options for the cookie value, such as `expires`,
`path`, `domain` and `secure`.

Closes angular#8324
Closes angular#3988
Closes angular#1786
Closes angular#950

shahata added a commit to shahata/angular.js that referenced this issue Mar 2, 2015

feat($cookies): allow passing cookie options
The `put`, `putObject` and `remove` methods now take an options parameter
where you can provide additional options for the cookie value, such as `expires`,
`path`, `domain` and `secure`.

Closes angular#8324
Closes angular#3988
Closes angular#1786
Closes angular#950

@shahata shahata closed this in 92c366d Mar 2, 2015

hansmaad pushed a commit to hansmaad/angular.js that referenced this issue Mar 10, 2015

feat($cookies): allow passing cookie options
The `put`, `putObject` and `remove` methods now take an options parameter
where you can provide additional options for the cookie value, such as `expires`,
`path`, `domain` and `secure`.

Closes angular#8324
Closes angular#3988
Closes angular#1786
Closes angular#950

netman92 added a commit to netman92/angular.js that referenced this issue Aug 8, 2015

feat($cookies): allow passing cookie options
The `put`, `putObject` and `remove` methods now take an options parameter
where you can provide additional options for the cookie value, such as `expires`,
`path`, `domain` and `secure`.

Closes angular#8324
Closes angular#3988
Closes angular#1786
Closes angular#950
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment