fix(server): clearCookies({name}) should not transiently delete other cookies (#40955)

adityasingh2400 · Skn0tt · web-flow · commit dc8836a9cb8b · 2026-05-27T18:28:20.000-07:00
Co-authored-by: Simon Knott &lt;info@simonknott.de&gt;
diff --git a/packages/playwright-core/src/server/browserContext.ts b/packages/playwright-core/src/server/browserContext.ts
@@ -309,8 +309,11 @@ export abstract class BrowserContext<EM extends EventMap = EventMap> extends Sdk
   }
 
   async clearCookies(options: {name?: string | RegExp, domain?: string | RegExp, path?: string | RegExp}): Promise<void> {
-    const currentCookies = await this._cookies();
-    await this.doClearCookies();
+    const hasFilter = options.name !== undefined || options.domain !== undefined || options.path !== undefined;
+    if (!hasFilter) {
+      await this.doClearCookies();
+      return;
+    }
 
     const matches = (cookie: channels.NetworkCookie, prop: 'name' | 'domain' | 'path', value: string | RegExp | undefined) => {
       if (!value)
@@ -322,13 +325,21 @@ export abstract class BrowserContext<EM extends EventMap = EventMap> extends Sdk
       return cookie[prop] === value;
     };
 
-    const cookiesToReadd = currentCookies.filter(cookie => {
-      return !matches(cookie, 'name', options.name)
-        || !matches(cookie, 'domain', options.domain)
-        || !matches(cookie, 'path', options.path);
+    const currentCookies = await this._cookies();
+    const cookiesToExpire = currentCookies.filter(cookie => {
+      return matches(cookie, 'name', options.name)
+        && matches(cookie, 'domain', options.domain)
+        && matches(cookie, 'path', options.path);
     });
 
-    await this.addCookies(cookiesToReadd);
+    if (!cookiesToExpire.length)
+      return;
+
+    await this.addCookies(cookiesToExpire.map(cookie => ({
+      ...cookie,
+      value: '',
+      expires: 0,
+    })));
   }
 
   setHTTPCredentials(progress: Progress, httpCredentials?: types.Credentials): Promise<void> {
diff --git a/tests/library/browsercontext-clearcookies.spec.ts b/tests/library/browsercontext-clearcookies.spec.ts
@@ -164,3 +164,75 @@ it('should remove cookies by name and domain', async ({ context, page, server })
   await page.goto(server.CROSS_PROCESS_PREFIX);
   expect(await page.evaluate('document.cookie')).toBe('cookie1=1');
 });
+
+it('should not transiently delete non-matching cookies when filtering', {
+  annotation: { type: 'issue', description: 'https://github.com/microsoft/playwright/issues/40953' },
+}, async ({ context, page, server }) => {
+  await context.addCookies([{
+    name: 'keep_me',
+    value: '1',
+    domain: new URL(server.PREFIX).hostname,
+    path: '/',
+  },
+  {
+    name: 'delete_me',
+    value: '2',
+    domain: new URL(server.PREFIX).hostname,
+    path: '/',
+  }
+  ]);
+  await page.goto(server.PREFIX);
+
+  const eventsHandle = await page.evaluateHandle(() => {
+    const events: string[] = [];
+    cookieStore.addEventListener('change', event => {
+      for (const changed of event.changed)
+        events.push(`changed ${changed.name}`);
+      for (const deleted of event.deleted)
+        events.push(`deleted ${deleted.name}`);
+    });
+    return events;
+  });
+
+  await context.clearCookies({ name: 'delete_me' });
+  await expect.poll(() => eventsHandle.jsonValue()).toEqual(['deleted delete_me']);
+  expect(await page.evaluate('document.cookie')).toBe('keep_me=1');
+});
+
+it('should remove partitioned cookies by name', {
+  annotation: { type: 'issue', description: 'https://github.com/microsoft/playwright/issues/40953' },
+}, async ({ browser, httpsServer, browserName }) => {
+  it.skip(browserName !== 'chromium', 'Partitioned cookies (CHIPS) are Chromium-specific');
+  const context = await browser.newContext({ ignoreHTTPSErrors: true });
+  await context.addCookies([
+    {
+      name: 'delete_me',
+      value: '1',
+      domain: httpsServer.HOSTNAME,
+      path: '/',
+      secure: true,
+      sameSite: 'None',
+      partitionKey: `https://${httpsServer.HOSTNAME}`,
+    },
+    {
+      name: 'keep_me',
+      value: '2',
+      domain: httpsServer.HOSTNAME,
+      path: '/',
+      secure: true,
+      sameSite: 'None',
+      partitionKey: `https://${httpsServer.HOSTNAME}`,
+    },
+  ]);
+  const before = await context.cookies();
+  expect(before).toEqual([
+    expect.objectContaining({ name: 'delete_me', partitionKey: `https://${httpsServer.HOSTNAME}` }),
+    expect.objectContaining({ name: 'keep_me', partitionKey: `https://${httpsServer.HOSTNAME}` }),
+  ]);
+
+  await context.clearCookies({ name: 'delete_me' });
+  expect(await context.cookies()).toEqual([
+    expect.objectContaining({ name: 'keep_me', partitionKey: `https://${httpsServer.HOSTNAME}` }),
+  ]);
+  await context.close();
+});
