Dropping xenforo Cookies

Dan Allen

Active member
For integration with other software on our domain, it sometimes is necessary to drop the cookies put onto browsers by XenForo. Unfortunately, I have not found a way to make this happen.

I have been trying to remove the cookies with php using code like this:

setcookie ("xf_user", "", time() - 3600);
setcookie ("xf_session", "", time() - 3600);

This is being done on the https:// connection used when the cookies are put into browser. It's done by a program that does the procees to all cookies for the domain, so there is no chance setcookie is failing from running after data has been sent to the browser. If that were the case, none of the other cookies would drop.

I might as well send my cat for all the good it is doing. This method of dropping cookies works for a lot of cookies, but not the xenforo cookies.

Any hints would be appreciated immensely.


XenForo developer
Staff member
To drop a cookie, you need to match the settings of the original cookie. Notably, this includes the domain (probably empty), the path (probably /) and the secure flag (true if done via an HTTPS connection). There are additional arguments you'll need to pass to set these.

Dan Allen

Active member
Here is a cookie

Here is the get-rid-of-it statement that does not work:
setcookie( 'xf_user', 'xxx', time()-1, '/', 'hollyswritingclasses.com', true, true)

I cannot find any documentation regarding how to send the size attribute.
Last edited:

Dan Allen

Active member
This gets it done, consistent with your suggestion of probably needing the domain attribute blank.

setcookie( 'xf_user', '', time()-1, '/', '', false, false)

However, the httponly and secure attributes did not have to set to true.

Cookie rules defy reason.