Unable to delete cookie via document.cookie from page that is local

[masha256]

I think I found a bug in cookie handling. It works fine when I make a remote http request to my html page or if I pass my javascript directly to phantomjs. But when I use a page loader to load my html/javascript locally, cookies are not deleted properly.

Here is my test code:

File "run.js":

var page = require('webpage').create();
var url = 'cookiebug.html';
page.onConsoleMessage = function(msg) {
        console.log(msg);
};
page.open(url, function (status) {
        phantom.exit();
});

File "cookiebug.html":

<script type="text/javascript">


function setCookie(name, val, timeout) {
        console.log("Setting cookie  " + name + " to value " + val);
        timeout = typeof timeout !== 'undefined' ? timeout : (100 * (86400 * 365)); // defaults to 100 years
        timeout *= 1000; // ms to seconds
        var d = new Date();
        d.setTime(d.getTime() + timeout);
        var cookie = name + "=" + encode(val) + ";expires=" + d.toUTCString() + ";path=/";
        document.cookie = cookie;
}

function getCookie(name) {
        var i, x, y, c = document.cookie.split(";");
        for (i = 0; i < c.length; i++) {
                x = c[i].substr(0, c[i].indexOf("="));
                y = c[i].substr(c[i].indexOf("=") + 1);
                x = x.replace(/^\s+|\s+$/g, "");
                if (x == name) {
                        return decode(y);
                }
        }
        return "";
}

function encode(val) {
        if (window.encodeURIComponent) {
                return encodeURIComponent(val);
        } else {
                //noinspection JSDeprecatedSymbols
                return escape(val);
        }
}

function decode(val) {
        if (window.decodeURIComponent(val)) {
                return decodeURIComponent(val);
        } else {
                //noinspection JSDeprecatedSymbols
                return unescape(val);
        }
}

function deleteCookie(name)
{
        console.log("Delete cookie: " + name);
        document.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}

var testcookie = "testcookie";

console.log("Testing cookies");
setCookie(testcookie, "testValue", 300);
console.log("Cookie set");
console.log("Getting cookie: " + getCookie(testcookie));
deleteCookie(testcookie);
console.log("Getting cookie after delete: " + getCookie(testcookie));


</script>

Put both files in the same directory and then run with:

phantomjs run.js

The expected output is that the last line print:
"Getting cookie after delete: "

but it is actually

"Getting cookie after delete: testValue"

I found this bug because I am using the qunit runner.js to load up my qunit html page, and my test does extensive cookie set/get.

Here is a run with --debug=yes, showing the incorrect expires when calling deleteCookie:

Testing cookies
Setting cookie  testcookie to value testValue
2013-05-24T10:37:54 [DEBUG] CookieJar - Saved "testcookie=testValue; expires=Fri, 24-May-2013 17:42:54 GMT; path=/"
Cookie set
Getting cookie: testValue
Delete cookie: testcookie
2013-05-24T10:37:54 [DEBUG] CookieJar - Saved "testcookie=testValue; expires=Fri, 24-May-2013 17:42:54 GMT; path=/"
Getting cookie after delete: testValue
2013-05-24T10:37:54 [DEBUG] CookieJar - Saved "testcookie=testValue; expires=Fri, 24-May-2013 17:42:54 GMT; path=/"

[dharkness]

I have experienced a similar issue. Not only can I not delete cookies via QUnit tests, but any cookie I set with an expiration time is ignored (not set).

[cm-mfc]

Also have this problem.

[josetapadas]

PhantomJS is a bit more picky in order to remove cookie keys from the document.cookie when compared to Firefox, Chrome or Safari. You have to delete the values with all the proper cookie attributes that you had set into them.

In your example you almost got it, and I've encountered a similar situation myself. Besides an empty value and an expired dateI also had to specify the domain which the cookie is currently set:

document.cookie = 'byebye_cookieval=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=127.0.0.1'

This enabled me to delete the cookie key successfully.

[dharkness]

So @machadolab needs to specify the same path? That makes sense. Hopefully you only need the domain if you overrode it when setting the cookie.

[stale]

Due to our very limited maintenance capacity, we need to prioritize our development focus on other tasks. Therefore, this issue will be automatically closed (see #15395 for more details). In the future, if we see the need to attend to this issue again, then it will be reopened. Thank you for your contribution!