使Cookie过期

Question

I am trying to comply with new EU law for cookie legislation and need to remove all the cookies on my site before the user consents to it. Currently I've used the following successfully:

function deleteAllCookies() {
    var cookies = document.cookie.split(";");

    for (var i = 0; i < cookies.length; i++) {
        var cookie = cookies[i];
        var eqPos = cookie.indexOf("=");
        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
    }
}

However once this process runs there is still as a cookie called ASP.NET_SessionID which is created by ASP.NET. To overcome this I set the following in the web.config file which basically stores the sessionID in the URL:

 <sessionState regenerateExpiredSessionId="true" cookieless="true" />

The problem I have is when I set cookieless="true" the javasscript code above doesn't remove any of my cookies anymore, its like its become redundant. When I set cookieless="false", the javascript works perfectly. Are there any other settings I need to change to get both to work together?

Thanks

Answer 1

If you don't need session, you can disable sessionstate (mode="Off")

Also, I usually cleanup the cookies server-side, like this (never looked if it removed asp.net sessionid though) :

protected void Page_Load(object sender, EventArgs e)
{
    Response.BufferOutput = true;
    Session.Abandon();
    HttpCookieCollection cookies = Request.Cookies;
    var cookiesList = new List<String>();
    foreach (String cookieKey in cookies)
        cookiesList.Add(cookieKey);

    foreach (var cookieKey in cookiesList)
    {
    var cookie = new HttpCookie(cookieKey);
    cookie.Expires = DateTime.Now.AddDays(-1d);
    Response.Cookies.Add(cookie);
    }
}

Hope this can help.