{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 叼着烟拽天下 的问题《a cookie that refuses to delete》','https://www.manongdao.com/q-830127.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am having a problem with deleting cookies in classic ASP. Setting and retrieving the cookies is working wonderfully, without problems, on multiple domains. Deleting the cookies is not.
The cookie that refuses to delete will time out and remove itself on the original timeout, but that is not an option.
I've looked through the documentation, stack overflow, Stack Exchange (web applications) (some of the problems are similar and gave me some of the answers, but not the same), cookie central, and MSDN.
Updating the pages to ASP.NET is not an option at this time.
The cookie values and names are in hexadecimal with a leading "O" to eliminate any possible problems with the encrypted data and the scripting languages (ASP, VBScript, Jsvascript, SQL) having problems with the characters.
Note that some of the different attempts are commented out.
Sub Set4HrCookie(ByVal CookieName, ByVal CookieValue)
Response.Cookies(CookieName).Expires = DateAdd("n", 240, Now())
Response.Cookies(CookieName).Domain = ".mydomain.net"
Response.Cookies(CookieName).Path = "/"
Response.Cookies(CookieName) = CookieValue
Response.Cookies(CookieName).Secure = FALSE
End Sub
Sub Set1DayCookie(ByVal CookieName, ByVal CookieValue)
Response.Cookies(CookieName).Expires = Now() + 1
Response.Cookies(CookieName).Domain = ".mydomain.net"
Response.Cookies(CookieName).Path = "/"
Response.Cookies(CookieName) = CookieValue
Response.Cookies(CookieName).Secure = FALSE
End Sub
Sub KillThatCookie(ByVal CookieName)
Response.Cookies(CookieName).Domain = ".mydomain.net"
Response.Cookies(CookieName).Path = "/"
Response.Cookies(CookieName).Expires = Now() ' Now() - 1 ' #01/01/1999#
' Response.Cookies(CookieName).Secure = FALSE
Response.Cookies(CookieName) = ""
End Sub
An example of a cookie that is refusing to delete:
O9DCCF20B15CA0F382184A96BAB
OFA86B660438C4863797E4485DE
mydomain.net/
The following are some of the URLs that gave me information.
You have to assign the .domainname.com domain when you clear them out otherwise it won't clear them out.
http://forums.asp.net/t/1399232.aspx/1
Cookies with a DOMAIN value in classic ASP
http://blurbly.net/5_5.htm
Edit: Further tests have shown that because the "Path" was used on the cookie, the "Path" was required on the "Kill".
Edit: This is IIS-6 - it appears to be similar to the known error with VB6 INI files. When a program hits the INI file too fast the system can't keep up and INI file corruption happens.
At long last I found the answer. Our site was using both HTTPOnly cookies and standard cookies. The problem is that IIS can't handle that. Either all cookies are HTTPOnly or none. One of them was being set both ways, all non-HTTPOnly cookies after that were not deleted. The KillThatCookie remains the same. The set cookie for one day becomes:
Also, Cookies with an underscore "-', parenthesis"()", ampersand "&" are problematic. They won't necessarily delete. I'm sure that there are more characters, but the documentation says that these are valid. They may be valid, but they cause problems.
edit: It appears that there is even more to it. The multiple timeout is also a problem.
edit: Part of the problem is we're encrypting the keys which makes it case sensitive.
For deleting the cookie, do this way:-