For my authentication process I create a unique token when a user logs in and put that into a cookie which is used for authentication.
So I would send something like this from the server:
Set-Cookie: token=$2a$12$T94df7ArHkpkX7RGYndcq.fKU.oRlkVLOkCBNrMilaSWnTcWtCfJC; path=/;
Which works on all browsers. Then to delete a cookie I send a similar cookie with the expires field set for January 1st 1970
Set-Cookie: token=$2a$12$T94df7ArHkpkX7RGYndcq.fKU.oRlkVLOkCBNrMilaSWnTcWtCfJC; path=/; expires=Thu, Jan 01 1970 00:00:00 UTC;
And that works fine on Firefox but doesn’t delete the cookie on IE or Safari.
So what is the best way to delete a cookie (without JavaScript preferably)? The set-the-expires-in-the-past method seems bulky. And also why does this work in FF but not in IE or Safari?
