If i set a cookie using the code
var a = 'jn=900; expires=Fri, 27 Jul 2013 02:47:11 UTC; path=/';
document.cookie = a;
Then it is sure that document.cookie = 'jn=900; expires=Fri, 27 Jul 1999 02:47:11 UTC; path=/'; will delete the cookie.
Is it necessary to set all the properties used to set the cookie for deleting the cookie?
Ie. whether document.cookie = 'jn=900; expires=Fri, 27 Jul 1999 02:47:11 UTC;' is enough for deleting the cookie shown above, or should I also specify the path as used to set the cookie?
Assume that the cookie is accessible in the page I’m deleting the cookie.
Also is it possible to delete a cookie set by PHP using Javascript?
It is a good practice to set the path to avoid issues like cookies set by mistake on a different domain (
www.domain.cominstead ofdomain.com).Regarding the second question, the answer is yes, you can use Javascript to access and delete cookies created by PHP if they are not marked as HttpOnly.
The HttpOnly attribute directs browsers to use cookies via the HTTP protocol only. An HttpOnly cookie is not accessible via non-HTTP methods, such as calls via JavaScript (e.g., referencing "document.cookie"), and therefore cannot be stolen easily via cross-site scripting (a pervasive attack technique[27]). As shown in previous examples, both Facebook and Google use the HttpOnly attribute extensively.http://en.wikipedia.org/wiki/HTTP_cookie#HttpOnly_cookie