Can't delete cookie with Win32 InternetSetCookie function

Question

I have a cookie created from logging into Asana using OAuth in my desktop app (C#, using the WebBrowser control). It's stored in C:\\Users\\elega\\AppData\\Local\\Microsoft\\Windows\\INetCache, named "cookie:elega@app.asana.com/".

I want to delete it so that Asana's API doesn't automatically give me a new token when I navigate to it's OAuth page. When that cookie is manually deleted it forces the user to login again - which is what I want.

From my research it appears you cannot delete a cookie directly with code, but you can expire it. So I'm using the InternetSetCookie function, but it doesn't appear to be modifying the cookie file (judging by the last modified data stamp in the file, and the fact that OAuth is still giving me tokens). I haven't seen any extensive explanation on what the cookie name could be, but I've tried all the variations below and nothing is working. What am I doing wrong?

class DeleteCookie
{
    [DllImport("wininet.dll", CharSet = CharSet.Auto, SetLastError = true)]
    static extern bool InternetSetCookie(string lpszUrlName, string lbszCookieName, string lpszCookieData);

    private void Delete()
    {
        bool returnVal;

        returnVal = InternetSetCookie("https://app.asana.com", "cookie:elega@app.asana.com/", "expires = Sat,01-Jan-1970 00:00:00 GMT");
        returnVal = InternetSetCookie("https://app.asana.com", "elega@app.asana.com/", "expires = Sat,01-Jan-1970 00:00:00 GMT");
        returnVal = InternetSetCookie("https://app.asana.com", "cookie:elega@app.asana.com", "expires = Sat,01-Jan-1970 00:00:00 GMT");
        returnVal = InternetSetCookie("https://app.asana.com", "elega@app.asana.com", "expires = Sat,01-Jan-1970 00:00:00 GMT");
        returnVal = InternetSetCookie("https://app.asana.com", null, "expires = Sat,01-Jan-1970 00:00:00 GMT");
    }
}    

Answer 1

只需使用File.Delete方法从指定的目录中删除cookie。

Answer 2

@Eric Legault, I'm a developer advocate at Asana. I took a look around to try to see what might work for you.

First off, we have had a few requests with regards to this behavior; specifically, we've had a proposal to add a feature to this redirect flow where integrations can cause a user picker to show up for the purpose of letting the integration log in to Asana with a bot account, say, even if there is a day-to-day Asana account also logged in. Is this the sort of thing you're hoping to accomplish? (That'd be good to know to help us determine priorities of things)

In any case, I can give you some pointers to try to make this work, but as this is a pretty hacky way to log out (although admittedly our fault for not making this easy in the first place), I'd prefer if you send an email to devrel@asana.com rather than to post in a public channel. The risk here for us is that we may post information about a not-officially-supported way to manage logout, which, if we change our cookie schema, might cause integrations relying on the hack to break, and that's sad for all of us. Feel free to contact us directly if you're interested!