Forum Discussion
Stanislas_Piro2
Jun 16, 2015Cumulonimbus
Hi,
the HTTP::cookie remove command on HTTP_RESPONSE event does not remove cookie on client browser but only on the answer. if the browser does not receive cookie update, it will not remove it.
to force removal of cookie on client browser, you need to force expiration of it by changing the expiration date:
when HTTP_REQUEST {
if {[HTTP::cookie exists "PS_TOKEN"] {
HTTP::respond 302 noserver Location "https://[HTTP::host][HTTP:uri]" Connection close Set-Cookie "PS_TOKEN=deleted;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT"
}
}
or
when HTTP_RESPONSE {
if {[HTTP::cookie exists "PS_TOKEN"] {
if {HTTP::cookie domain "PS_TOKEN" contains "abc.com"}{
HTTP::cookie remove "PS_TOKEN"
HTTP::header insert Set-Cookie "PS_TOKEN=deleted;secure;expires=Thu, 01 Jan 1970 00:00:00 GMT"
}
}
}