如何删除HTTP响应中的cookie？ [英] How can you delete a cookie in an HTTP response?

问题描述

指示浏览器删除（或不再使用）HTTP响应中为给定域发出的HTTP cookie的首选方法是什么？

What is the preferred way to instruct a browser to delete (or no longer use) an HTTP cookie issued for a given domain in an HTTP response?

（I了解你不能强制浏览器删除cookie，但必须有一种方法来表明它不再有效且不应再发送了）

(I understand you cannot force the browser to delete the cookie, but there must be a way to indicate that it is no longer valid and should not longer be sent)

推荐答案

只需将cookie设置为完全相同的名称，路径和域，但最大年龄为0秒。 （可选）将值设置为null / empty-string，即使它只是为了节省带宽，否则平均客户端无论如何都会忽略它。

Just set the cookie on exactly the same name, path and domain, but with a max age of 0 seconds. Optionally, set the value to null/empty-string, even if it's just to save the bandwidth, it's otherwise ignored anyway by the average client.

请注意完全设置同样的道路也很重要。许多初学者通过仅使用相同的名称和域并依赖于默认路径的当前请求URL来失败。

Note that setting on exactly the same path is also important. Many starters fail in this by using only the same name and domain and relying on the current request URL for the default path.

来自RFC6265规范：

最后，删除cookie，服务器返回Set-Cookie标头
，其中包含过去的过期日期。仅当
中的路径和域属性Set-Cookie标头与创建
时使用的值匹配时，服务器才会成功移除cookie。

Finally, to remove a cookie, the server returns a Set-Cookie header with an expiration date in the past. The server will be successful in removing the cookie only if the Path and the Domain attribute in the Set-Cookie header match the values used when the cookie was created.

这篇关于如何删除HTTP响应中的cookie？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！