Problem removing cookie in servlet

I trying to remove a cookie in a servlet with this code

Cookie minIdCookie = null;

for (Cookie c : req.getCookies()) {
    if (c.getName().equals("iPlanetDirectoryPro")) {
        minIdCookie = c;
        break;
    }
}

if (minIdCookie != null) {
    minIdCook开发者_StackOverflowie.setMaxAge(0);
    minIdCookie.setValue("");
    minIdCookie.setPath("/");
    res.addCookie(minIdCookie);
}

res.flushBuffer();

But this gives no effect and no change in the cookie properties.

I've also tried adding a cookie in this servlet and this works fine.

Why is it that I can not change the properties of an existing cookie.

---

You should not change the path. This would change the cookie identity. If the cookie were set for a path like /foo and you change this to /, then the client won't associate the changed cookie with the original cookie anymore. A cookie is identified by the name and the path.

Just setting maxage to 0 ought to be enough.

Cookie[] cookies = request.getCookies();
if (cookies != null) { // Yes, this can return null! The for loop would otherwise throw NPE.
    for (Cookie cookie : cookies) {
        if (cookie.getName().equals("iPlanetDirectoryPro")) {
            cookie.setMaxAge(0);
            response.addCookie(cookie);
            break;
        }
    }
}

You also need to ensure that you're reading/testing the cookie in the subsequent new request, not in the current request.

---

I understand this is a few years old now, but the answer BalusC gave above isn't entirely correct, nor does Stefan's accepted answer really give all the details.

The path and domain will always be null when you retrieve cookies in Java because they are only necessary in the response for the client browser. However, if you're in the same security domain (regardless of the path), you still have the rights to delete them. Unfortunately, because the path is not included you can't delete the cookie now without explicitly knowing that path. Simply using the same cookie name, but a different path will not work. Those are considered two different cookies, and you will find that instead of deleting the cookie, you just created another one on a different path.

The other problem most developers have is they try to check for the absence of cookies before the response has been committed. A cookie is not removed until the client browser can read the response and remove it from the file system. If you forward to another servlet with the hope that you have deleted a cookie you will find it still exists (since the initial request is the same). In this sense request attributes are a much better option.

---

Most of the time the problem is with path of the cookie. So take care that you specify the path when creating a cookie. And then use the same path while discarding a cookie. The concept of path is

public String getPath() public void setPath(String path) These methods get or set the path to which the cookie applies. If you don’t specify a path, the browser returns the cookie only to URLs in or below the directory containing the page that sent the cookie. For example, if the server sent the cookie from //ecommerce.site.com/toys/specials.html, the browser would send the cookie back when connecting to //ecommerce.site.com/toys/bikes/beginners.html, but not to //ecommerce.site.com/cds/classical.html. The setPath method can be used to specify something more general. For example, someCookie.setPath("/") specifies that all pages on the server should receive the cookie. The path specified must include the current page; that is, you may specify a more general path than the default, but not a more specific one. So, for example, a servlet at //host/store/cust-service/request could specify a path of /store/ (since /store/ includes /store/cust-service/) but not a path of /store/cust-service/returns/ (since this directory does not include /store/cust-service/).

to get more info of path and cookie relate properties you can visit here.

---

The problem was that the cookie I wanted to remove had a path that was "/admin" and my logout servlet had the path "/admin/logoutServlet". When I get the cookie from the request the path is set to null. So when I add the cookie the path is set to "/admin/" as my servletIf I created a cookie with the path "/admin/" the servlet was able to remove it.

I solved the problem by explisitly setting the path of the cookie before adding it to the response.

minIdCookie.setMaxAge(0);
minIdCookie.setPath("/");
res.addCookie(minIdCookie);

But I don't understand why the path is null.

---

I think it is better to be using null instead of empty string. ie. change minIdCookie.setValue(""); to minIdCookie.setValue(null);