'The Undeletable Oracle APEX Cookie

I am working on SSO using CPIP for Oracle APEX. I can get SSO working once, but it won't work after the user logs out unless they delete their cookies. To fix this, I'm creating a custom logout page inside the application (to avoid any domain restrictions) that will delete the cookies. The particular one I'm trying to delete is called ORA_WWV_APP_109. Mozilla Developer Tools Storage lists the following properties. 

CreationTime:"Tue, 27 Mar 2018 15:22:45 GMT"
Domain:"dev-banner01.cameron.edu"
Expires:"Session"
HostOnly:true
HttpOnly:true
LastAccessed:"Tue, 27 Mar 2018 15:40:08 GMT"
Path:"/pls/apex/"
Secure:false

I tried the following JavaScript.

document.cookie="ORA_WWV_APP_109=;path=/pls/apex/;HttpOnly;expires=Thu, 01-Jan-1970 00:00:01 GMT;";

Unfortunately, this doesn't work. Can anyone tell me why?

Thank you,

~ Bob

javascriptoracle-apex


Solution 1:[1]

Okay, I found the answer. Because it's an httpOnly cookie, it can only be modified via an HTTP header.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Bob Dill

Related Questions

React Router with optional path parameter

How to dynamically update google recaptcha sitekey?

How to dynamically update google recaptcha sitekey?

Remove duplicate in a string - javascript

Remove duplicate in a string - javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Find an element in DOM based on an attribute value

Redirecting html page with javascript

Find an element in DOM based on an attribute value

Find an element in DOM based on an attribute value

Redirecting html page with javascript

How to find x and y coordinates of a button while using keyboard navigation?

How to find x and y coordinates of a button while using keyboard navigation?