If you want to delete the cookie, you have to overwrite it with a new one with an expiration date in the past (you got that right, from what I can see).

You can only overwrite a cookie if you use the exact same domain, path, and name settings that you used when creating it. I am not 100% sure if an empty value works (it should though), so to make sure, I use a dummy value, such as '0'.

It would be helpful for you to see what cookie headers are actually being sent. I recommend the Mozilla plugin LiveHttpHeaders for that. Very useful for debugging web apps.

On a related note, your cookies should not contain anything useful for the user. Best would be a long random number, which only you can associate to a user session. A password is not something you want to store in a cookie, and a user_group_id you receive from a cookie is not trustworthy (the user can change the value easily).