我的应用是由node和express搭建的,执行下面代码,其中 xxxxx 是 httpOnly 的,结果是:uname 删除了,xxxxx没有被删除。所以,不能删除 httpOnly 的 Cookie?
res.clearCookie('uname');
res.clearCookie('xxxxx');
大家讲道理2017-04-17 13:12:41
Add your path, for example
res.clearCookie('xxxxx', { path: '/' });
If that doesn’t work, set the expiration time to -1
res.cookie('xxxxx', '', { expires: -1, path: '/' });
大家讲道理2017-04-17 13:12:41
I haven’t tried this, but it seems that after setting httpOnly, the cookie content cannot be read by using document.cookie in the browser console.