Tossing Your Stale Cookies

Deleting a cookie on a client machine is not as straight forward as you think. None of the following three methods will work: Response.Cookies.Clear Response.Cookies.Remove(myCookie) HttpCookieCollectoionVar.Clear Those methods simply tell the cookie not to overwrite the clients cookie. The safest way to delete the cookie is to set the cookiesExpires property to any time prior to the current time. This will tell the client to overwrite the current cookie with an expired cookie.As a result, the client will not send the cookie back to the server. Example: MyCookie.Expires = DateTime.Now.AddYears(-30). One common mistake is using DateTime.MinValue(01-Jan-0001 00:00:00). IE 6 will consider DateTime.MinValue to be a blank expiration date.Thus IE 6 will retain the cookie until the browser is close and then expires it. Another easy trap to fall into is to use DateTime.Now to immediately expire a cookie. In theory, it's a sound solution, but in reality it's likely that the server machine time is not synchronized with the client machine time.It can cause a bug to show up when uploaded to a live server that wasnt obvious when testing locally. Worse, it could create a situation where a web application works fine when the programmer views it but not when a normal user accesses it from their machine, which leads to the problem of Unable to reproduce the error. Both situations are notoriously hard to debug.