Cookie is not deleting using Cookie::forget() after logout

Looks like you need to redirect with the removed cookie attached and laravel will destroy it:

public function logout(Request $request)
    {
        $cookie = \Cookie::forget('first_time');

        $this->guard()->logout();

        $request->session()->invalidate();


        return $this->loggedOut($request) ?: redirect('/')->withCookie($cookie);

Edit: Or it looks like you can also use \Cookie::queue(\Cookie::forget('first_time')); to avoid creating the cookie variable and redirecting with it.

@manelgavalda I've used your code. it storing cookie first_name without value. and created date showing Thursday, November 21, 2019 at 4:12:09 PM and expires showing Thursday, November 21, 2019 at 4:12:09 PM.

When I logged in again, the same cookie showing created Thursday, November 21, 2019 at 3:35:09 PM and expires When the browsing session ends.

Why this?

Have you tried \Cookie::queue(\Cookie::forget('first_time')); to remove it? And also, when are you creating the cookie?

I would move the logic to the loggedOut method to avoid changing core functionality

    protected function loggedOut(Request $request)
    {
         $cookie = \Cookie::forget('first_time');

         return redirect('/')->withCookie($cookie);
    }

Laravel will still send a first_time cookie, but with an expiration date set to a date in the past.

This is how the server tells the browser a cookie is no longer valid. So in the subsequent requests browser will no longer send it as it is expired.

@manelgavalda I've tried but same result as I mentioned.

I'm creating cookie after user login. When they redirect to their home page after login then, I check if the cookie exists using my js. if not a modal will be triggered and a cookie will set.

@rodrigo.pedra I want to delete the cookie when a user logged out and create it again after user login.

In your JS code can you check if the cookie is expired?

As I told before the forget mechanism will still send a cookie with that name, but with a date in the past (expired).

Try checking in the JS if the cookie is expired or not, might solve your problem.

@rodrigo.pedra I've checked with your given code above (loggedOut() function). but didn't working.

My expected result was like you said. Its not working as expected. Its working now like:

If I loggedout an expired cookie will set. When I logged in, the old cookie is there. Its not removing.

The browser won't remove a cookie from its storage, it will keep its info there even when expired. The difference is that it won't send an expired cookie on a request header.

I don't know any method of the server instructing the browser on how it should manage its own storage.

What the server can do is say: Hey this one is expired! How the client, in this case the browser, will proceed is not up to the server to know about.

On login you can send a new Cookie with the same name with a new expiration date.

EDIT

On alternative that came to my mind: on your login screen you can add a JavaScript to check for expired cookies and remove them locally on page load. This way there won't be any expired cookies before sending the login request.

Maybe cookies that are not marked http only are not deleted by server action.

Also, this only detects first login on this device. Are you happy that if the user logs in from somewhere else, they see the first use modal again?

I would keep it server side. If the User created_at and updated_at are the same value then this is first login. Touch the User model then return the view to the client with the modal included.