how to delete a cookie in liferay DXP custom theme using freemarker?

Question

I want to delete a cookie USERID in my liferay custom theme free marker templete

i am using liferay DXP

I tried this code

<#if !is_signed_in>
    <#assign aCK=objectUtil("com.liferay.portal.kernel.util.CookieKeys") />
    <#assign userID = aCK.getCookie(request,"USERID") /> 
    <#assign VOID=aCK.deleteCookies(request, response,aCK.getDomain(request), "USERID") />

    </#if>

</#if>

but give me null pointer exception becuase of i have null response !

can someone help me to try to do this ?

update :my main purpose is to delete specific cookie "USERID" when:

a-the user logout

b-the session timeout

for(a) i have done the first part by implementing logoutPostAction hook (because logout action don't clear cookies so i need to do this manually)

for (b) i tried to implement sessionDestroyAction hook but i don't have request and response to delete cookies only httpSession

so i turned to the solution of deleting cookies when the session timeout redirect me to the login page or home page so trying to do this in my custom theme .

i hope this update is clear to describe my problem, and try to help me how to solve my problem ?

Answer 1

You're doing some active work in the theme, but a theme is typically thought of being rather passive: It provides the look and feel of your application, not any additional business logic.

Consider moving code that modifies Cookies into a portlet - and there into the action phase, when you can change state and it's still early enough to write response headers to the resulting page. Once you render your theme, you're not guaranteed to be able to render HTTP headers (which you're trying to do for the Cookies). If the first bytes of the page have already been delivered to the browser while your freemarker theme gets to these lines, they'll still fail. And even if it looks like they'd work: they might fail only under load, when it's particularly hard to debug such an event.

Or, alternatively: What are you actually trying to do that caused you to come up with this solution? I can't see a problem that I'd solve with this solution - we might be able to help you with suggestions to solve your underlying problem if you name it.

Edit: On your edited problem B (as A seems to be solved): Setting cookies when the session expires: This won't ever work, by specification. Because the session expires server side, without the browser requesting anything (that's the reason why you don't have a request and response object: The browser might have gone offline or terminated half an hour ago - you are just not able to reach it at this point).

If your USERID is sensible and must not be on the browser after the session is ended: Don't store it in a cookie. Use if from the session (server side) and you're good to go. You're chasing a problem that can't be solved.

And never act solely on the cookie value - always make sure that it's not been tampered with.