node.js - 是不是不能删除 httpOnly 的 Cookie

Question

我的应用是由node和express搭建的，执行下面代码，其中 xxxxx 是 httpOnly 的，结果是：uname 删除了，xxxxx没有被删除。所以，不能删除 httpOnly 的 Cookie？

res.clearCookie('uname');
res.clearCookie('xxxxx');

Answer 1

Add your path, for example

res.clearCookie('xxxxx', { path: '/' });

If that doesn’t work, set the expiration time to -1

res.cookie('xxxxx', '', { expires: -1, path: '/' });

Answer 2

httponly js cannot be read or deleted

Answer 3

I haven’t tried this, but it seems that after setting httpOnly, the cookie content cannot be read by using document.cookie in the browser console.