5

Because of the third-party cookie deprecation, I've updated some cookies for an application of mine accordingly to be "partitioned" using CHIPS.

In my case, for example, an affected cookie is set with JavaScript like this:

function setPartitionedCookie() {
  document.cookie =
    "cookie=delicious; Max-Age=86400; Path=/; Secure; SameSite=None; Partitioned;";
}

I'm trying to delete this cookie with JavaScript by setting the expiration date (Expires attribute) to a date in the past, as suggested in various questions here on Stack Overflow, see for example "Clearing all cookies with JavaScript".
Unfortunately, this does not work for partitioned cookies without also specifying the Secure and Partitioned attributes, at least in Chrome version 123:

function deletePartitionedCookie() {
  /* "Secure" and "Partitioned" attributes are required to delete the partitioned cookie in Chrome */
  // document.cookie = "cookie=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; Partitioned;"; // this does work in Chrome

  document.cookie = "cookie=; Expires=Thu, 01 Jan 1970 00:00:00 UTC;"; // this does not work in Chrome
}

From the answers to "Unable to delete cookie from javascript", I found out that it is sometimes required to also set the corresponding Path and Domain attributes. However, it's not explained why and in which cases this is required.

Is this behavior by design, or is there a specification for it? Could it even be a bug in Chrome?
What is the correct way to delete "partitioned cookies"?

Since Firefox and Safari do not support the Partitioned attribute, it is not yet an issue there. I haven't had a chance to test the behavior in Edge yet.


I'm not sure if an example here in the code snippet works, so I created this Glitch to test it:
https://delete-partitioned-cookies.glitch.me/

2 Answers

-1

Deleting a partitioned cookie needs the host key and partition key to map to the proper cookie, so the Partition and Secure tags are needed to delete it.


4 Comments

Thanks for the information. It makes sense that the keys must match the cookie. So are the keys bound to the Partitioned attribute? And if so, why aren't Path and Domain needed to check this against? And how is Secure related to this? Can you please explain this in more detail? Maybe with some sources from the spec?
@glmvc Partition Key is only mapped with the Partition attribute; Path and Domain are to restrict the scope of the cookie and not to get the Partition Key. Also, a Partitioned cookie always works with the Secure attribute to transmit over an encrypted connection, and the architecture is made that way [Page No. 3 in link].
Thanks again! Now I think I understand why the Secure attribute is needed - because Partitioned requires it to be valid and operate? Is there any official source that states that deleting a partitioned cookie requires the matching keys? I will accept your answer if you update it with the additional information in a reasonable way.
@glmvc Sure! You can check how the cookie key works WITH/WITHOUT the Partition attribute: link. Why is Secure needed? -> link. Partitioning model -> link. There is a whole discussion on using KEY on partitioned data to protect from cross-site tracking -> link.
-1

Path and Domain are also required, but they have somewhat-reasonable defaults based on the current page URL: its directory and domain.

If you ran your script at / or /somepage it would clear / cookies, but if you ran it at /somedir/somepage or even /somepage/ it would not. And conversely, if the cookie was set with path=/somepage and you tried to clear it without specifying the same, it would fail to get cleared if running from / or even /somepage since there it defaults to /, but get properly cleared from /somepage/ or /somepage/blah.

This would've been a comment if SO wasn't dumb by only allowing me to post answers, not comments.

1 Comment

This gives some insight into how deleting with Path works, but it doesn't directly answer the question regarding Partitioned. Anyway, as you said it would be a comment, I really appreciate your input, thanks!
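The matching rules discussed in both answers, as an added example that is not code from the question or from either answerer: a simplified model in which a cookie is keyed on name, domain, path and partition key, so an expiry write only removes the cookie when every one of those matches. `ModelJar`, `deletionString`, the host `app.example` and the site `https://top.example` are hypothetical names, and the model is an assumption about browser behaviour rather than Chrome's implementation.

```javascript
// Simplified model (assumption): the browser keys a cookie on name, domain, path
// and partition key. Host-only vs. Domain= cookies are not distinguished here.

// RFC 6265 default-path: the "directory" part of the current page's URL path.
function defaultPath(urlPath) {
  if (!urlPath || urlPath[0] !== "/") return "/";
  const i = urlPath.lastIndexOf("/");
  return i === 0 ? "/" : urlPath.slice(0, i);
}

// Split a document.cookie-style string into name, value and lower-cased attributes.
function parseCookie(str) {
  const [pair, ...rest] = str.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    const [k, ...v] = a.split("=");
    attrs[k.trim().toLowerCase()] = v.join("=").trim() || true;
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

class ModelJar {
  constructor(host, topLevelSite) {
    this.host = host; this.site = topLevelSite; this.store = new Map();
  }
  // Emulates `document.cookie = str` on a page at urlPath; false means rejected.
  set(str, urlPath) {
    const { name, value, attrs } = parseCookie(str);
    if (attrs.partitioned && !attrs.secure) return false; // Partitioned needs Secure
    const key = JSON.stringify([name, attrs.domain || this.host,
      attrs.path || defaultPath(urlPath), attrs.partitioned ? this.site : null]);
    const expired = Date.parse(attrs.expires) <= Date.now() || Number(attrs["max-age"]) <= 0;
    if (expired) this.store.delete(key); else this.store.set(key, value);
    return true;
  }
  has(name) {
    return [...this.store.keys()].some((k) => JSON.parse(k)[0] === name);
  }
}

// Deletion string that repeats every attribute that is part of the cookie's key.
function deletionString(name, { path = "/", domain, partitioned = false } = {}) {
  let s = `${name}=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=${path}`;
  if (domain) s += `; Domain=${domain}`;
  if (partitioned) s += "; Secure; Partitioned";
  return s;
}
```

In a browser, the string returned by `deletionString("cookie", { partitioned: true })` is what would be assigned to `document.cookie`; always passing the explicit `Path` the cookie was set with avoids depending on the directory of the page that runs the script.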
