When does a cookie with expiration time 'At end of session' expire?

N

5

139

There is a session cookie with expiration time which says 'At end of session'. When exactly does it expire or will it be alive forever?

Niven answered 9/11, 2010 at 9:23 Comment(1)

This is entirely up to the user agent, i.e. the user's browser, but usually, that will indeed be when the browser is closed. – Photogene 13/7, 2016 at 0:18

B

78

When you use setcookie, you can either set the expiration time to 0 or simply omit the parameter - the cookie will then expire at the end of session (ie, when you close the browser).

Ballonet answered 9/11, 2010 at 9:28 Comment(9)

The case is:- I have two pages which uses different cookies. one is set to expire in 30 minutes and another is set to At end of session. suppose Both cookie are active right now but I am viewing a page for which we set 30 minutes and I have not gone to another page for a while. What this means? Is it something like a closing browser for the page which I have not viewed? – Niven 9/11, 2010 at 9:47

Please forgive me, I don't understand the question :/ Page A has a cookie with expire time = 0, page B has a cookie with expire time = 30 minutes. This means that if you close your browser, cookie A will be deleted, but cookie B will stay. If you don't close the browser in 30 minutes, cookie B will expire, but cookie A will remain active. Even if cookie B expires while you're viewing page B, nothing will happen in most cases, as the cookie will probably recreated as soon as you reload the page or visit another one within the same site. I hope at least some of this answers your question :| – Ballonet 10/11, 2010 at 23:42

@Ballonet I am wondering why, when I only close the tab, I lose the cookie. I thought it was supposed to die when you close the browser? – Gwalior 27/6, 2020 at 0:23

Note that I posted the original answer 10 years ago. Back then, process separation between browser tabs was not present in all browsers (I think only Chrome had this feature back then, though I'm not 100% sure about Firefox). So essentially, closing the browser was synonymous with "ending the process running the browser", while closing the tab wasn't guaranteed to be. Nowadays a tab is a separate process and I would risk a wager that this is what's going on in your case: when you close the tab, you end the process, so temp data and session storage are cleared. – Ballonet 29/6, 2020 at 10:30

To follow up: I'm only guessing, so take my above comment with a grain of salt. All in all, I think we can agree on the fact that the "browse session" is not clearly defined between browsers and devices, so it's implemented in a rather unpredictable manner. Please compare with the other answers in this thread. – Ballonet 29/6, 2020 at 10:34

So user can save the cookie value before closing the browser and reuse it forever by reusing the same value again? – Inwards 24/1, 2022 at 17:51

On Edge the cookie with expiry time 0 will stay after the browser window is closed. The browser might stay running and hence the cookie will stay indefinitely as apposed to a cook with an expiry > 0. – Protozoan 14/9, 2023 at 11:1

@Protozoan Lol, the original answer is 13 years old. Edge wasn't a thing back then. Maybe it should be updated to reflect the 2023 reality, given that it's the accepted one. Feel free to suggest edits. – Ballonet 15/9, 2023 at 12:32

@Ballonet the internet never forgets (and nobody knows I'm dog). Indeed this behaviour although quite good documented gets lost when conditions change. Closing a window not necessarily closes the browser. It might be time to revisit the w3c specs... – Protozoan 15/9, 2023 at 12:37

E

112

Cookies that 'expire at end of the session' expire unpredictably from the user's perspective!

On iOS with Safari they expire whenever you switch apps!

On Android with Chrome they don't expire when you close the browser.

On Windows desktop running Chrome they expire when you close the browser. That's not when you close your website's tab; its when you close all tabs. Nor do they expire if there are any other browser windows open. If users run web apps as windows they might not even know they are browser windows. So your cookie's life depends on what the user is doing with some apparently unrelated app.

Exurbia answered 5/4, 2016 at 9:9 Comment(7)

That's not my observation on iOS (10.2.1) – Microcurie 6/6, 2017 at 22:41

@Microcurie thanks for the observation. My observations were from older version. What does iOS 10.2.1 do? – Exurbia 12/6, 2017 at 11:29

i just want to add that it doesn't expire on Chrome for Mac. though i've set it as "continue where you left". but, i've already closed the browser tab for that domain, then restarted Chrome. the session cookie i set still exists. – Guilford 12/9, 2017 at 11:45

This is useful to know. – Proposal 4/4, 2018 at 11:32

Is there a good website documenting the different behavior? – Clydeclydebank 2/9, 2020 at 11:57

@Clydeclydebank developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie – Adulterine 22/10, 2021 at 4:37

As @Guilford noted, it seems that if the "continue where you left" option (or analogous in Chrome, Chromium, Firefox) is on, the session cookies persist forever unless specifically removed, even after all tabs and windows are closed. (I tried on a Linux desktop.) – Rachmaninoff 11/10, 2023 at 11:9