Delete session cookies by using Javascript

I am working on a function to delete the session cookies.

Here is the source code:

<script language="javascript">
window.onload = function ()
{
   /* $.cookie('!lithiumSSO:tomtom.stage', null);
    $.cookie('LiSESSIONID', null);*/
        delete_cookie('LiSESSIONID');
         delete_cookie('!lithiumSSO:tomtom.stage');

};
function delete_cookie ( cookie_name )
    {
        var cookie_date = new Date ( );  // current date & time
        cookie_date.setTime ( cookie_date.getTime() - 1 );
        document.cookie = cookie_name += "=; expires=" + cookie_date.toGMTString();
        alert('name:' +cookie_name);
        jQuery.cookie('LiSESSIONID', null); //Try to using jQuery
    }

</script>

I get a pop-up window that displays name:LiSESSIONID=; expires=Wed, 02 Feb 2011 10:56:52 GMT, which is one hour behind. However, when I use Firecookie, I see that this cookie still exists:

Name:     LiSESSIONID
Value:    7A10E3453B01DDFF934AC7AF71EAFEC3
Domain:   forums.lithiumstage.tomtom.com
Size:     43 B
Path:     /
Expires:  Session
HttpOnly: HttpOnly

Does anyone have an idea why I cannot kill the cookies? The jQuery function is reported as undefined even though I load the function.


The reason is because the HttpOnly flag is set. This means that only the server side code can modify this cookie.

See: http://www.owasp.org/index.php/HTTPOnly


The cookie must be deleted on the server side. I don't have information on what language you're using, but if it's node + express it would be like:

res.clearCookie('LiSESSIONID', {
  httpOnly: true,
  sameSite: true,
  domain: 'YOUR DOMAIN HERE',
});

HttpOnly is very interesting to use because it is safe and prevents the cookie from being changed from the browser: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies

If you want to remove it in your browser, remove httpOnly when creating the cookie (I don't recommend it).
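
Added example, not part of the question or of either answer: a simplified model of the RFC 6265 section 5.3 storage rules, showing why the document.cookie write in the question is ignored while a Set-Cookie response header with the same name and path removes the cookie. CookieJar, clearCookieHeader, demo, the host name and the session value are all constructed for illustration.

```javascript
// Simplified RFC 6265 sec. 5.3 cookie store. Constructed for illustration;
// real browsers apply further checks (Secure, SameSite, prefixes, domain matching).
class CookieJar {
  constructor(host) { this.host = host; this.cookies = new Map(); }
  // fromHttp: true for a Set-Cookie response header, false for document.cookie.
  // Returns true if the jar processed the cookie, false if it was ignored.
  set(cookieString, fromHttp) {
    const [pair, ...attrs] = cookieString.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                domain: this.host, path: '/', expires: null, httpOnly: false };
    for (const attr of attrs) {
      const i = attr.indexOf('=');
      const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
      const val = i < 0 ? '' : attr.slice(i + 1);
      if (key === 'expires') c.expires = Date.parse(val);
      else if (key === 'path') c.path = val;
      else if (key === 'domain') c.domain = val.toLowerCase();
      else if (key === 'httponly') c.httpOnly = true;
    }
    const id = `${c.name}|${c.domain}|${c.path}`; // identity: name + domain + path
    const old = this.cookies.get(id);
    // Script may neither create an HttpOnly cookie nor replace an existing one.
    if (!fromHttp && (c.httpOnly || (old && old.httpOnly))) return false;
    // An expiry in the past evicts the stored cookie instead of saving a new one.
    if (c.expires !== null && c.expires <= Date.now()) this.cookies.delete(id);
    else this.cookies.set(id, c);
    return true;
  }
  has(name) { return [...this.cookies.values()].some((c) => c.name === name); }
}

// Header a server sends to delete a cookie: same name, Path and Domain, past expiry.
function clearCookieHeader(name, { path = '/', domain } = {}) {
  const parts = [`${name}=`, `Path=${path}`, `Expires=${new Date(0).toUTCString()}`];
  if (domain) parts.push(`Domain=${domain}`);
  return parts.join('; ');
}

// Replays the question's scenario and reports what survives each attempt.
function demo() {
  const jar = new CookieJar('forums.example.test'); // constructed host
  jar.set('LiSESSIONID=constructed-session-id; Path=/; HttpOnly', true);
  const past = new Date(Date.now() - 1).toUTCString();
  const scriptAccepted = jar.set(`LiSESSIONID=; expires=${past}`, false);
  const afterScript = jar.has('LiSESSIONID');
  jar.set(clearCookieHeader('LiSESSIONID'), true);
  return { scriptAccepted, afterScript, afterServer: jar.has('LiSESSIONID') };
}
```

The clearing header only matches when its Path and Domain are the same as those the cookie was set with, which is why the options passed to res.clearCookie must mirror the ones used when the cookie was created.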
