Login/Register
Chrome doesn't delete session cookies
Asked Answered
Solved javascriptsessiongoogle-chromecookies
D

14

226

I'm trying to set session cookie in javascript like this:

document.cookie = 'name=alex; path=/'

But Chrome doesn't delete it even if I quit browser and launch it again.

I checked in Firefox and Opera and both work as intended - they delete session cookie on browser exit.

Is Chrome just ignoring expiration rules?

I checked in multiple OSes and found out that session cookie gets removed on Chrome in Windows XP and Ubuntu, but NOT in Mac OSX Lion.

Dipterous answered 16/5, 2012 at 11:54 Comment(3)
It was exactly as in my post i.e. without expiration, not sure about Httponly. I'm not trying to delete it by hand. The problem is browsers should delete it on exit but Chrome just doesn't do it.Dipterous
>>> and found out that session cookie gets removed on Chrome in Windows XP. No. In Windows XP Chrome doesn't delete cookie too. I use now Windows XP and have found your question because have got the same problem. The only difference is that I use ZF2 and set session options through Session package. But it is usual php way anyway - ini_set("session.cookie_lifetime", 0) and 'remember_me_seconds' => 1. But doesn't help. Firefox works fine, but Chrome doesn't.Unseat
not working for me , session cookie not clear after exit , chrome v85Ducks
C
270

This can be caused by having Chrome set to Continue where you left off.

enter image description here

Further reading

Celestyna answered 27/5, 2012 at 7:42 Comment(11)
Note: you can encounter the exact same issue in Firefox if you have the "Show my windows and tabs from last time" selection for the "When Firefox starts" pulldown in options. For the same reason. By design, session cookies are being retained to help keep workflow in the event of a browser crash.Estaestablish
Yup. Chrome and FF both break session cookie functionality because of this. For chrome, the issue has been reported: code.google.com/p/chromium/issues/detail?id=128513 and marked WONTFIX. So obviously, Google doesn't give a f*** about following web standards and security holes in Chrome and neither does FF. See FF bug (at least not closed): bugzilla.mozilla.org/show_bug.cgi?id=443354 What a sad state for these two browsers.Belgian
w3.org/Protocols/rfc2109/rfc2109: Max-AgeThe default behavior is to discard the cookie when the user agent exits.Belgian
@lucian303, while this does look like a violation of standards, I don't think you can have "continue browsing from last time" without "keeping session cookie alive". Opera, rekonq, and IE9 (via the "Reopen last session" link in the New Tab page), for example, implement the former without the latter. As a result, such browsers can show you cached pages that wrongly indicate that you are still logged in and/or have staled CSRF protection token.Mis
Why do they show you cached pages then? It's ridiculous that this bug hasn't been fixed over a year later!Phyliciaphylis
Just one more bug reported for FF: bugzilla.mozilla.org/show_bug.cgi?id=879496 still with status NEWMelly
What's the best approach to achieve a similar effect as a session cookie? expiry very low?Articulator
I notice that chrome does remove objects in sessionStorage when quitting and restarting browser, which is inconsistent at the very least.Archicarp
@Celestyna thank you! This just started being an issue for me (for some reason) as I was able to delete cookies manually or at least close the browser and restart to get a fresh session before. I've disabled "Continue where you left off" for now.Paludal
This post has a pretty non-invasive fix. #12784378Pasta
Confirming, "Continue where you left off." does have the mentioned effect. But also all chrome apps must exit, either did chrome process manually/by PC restart ended, or setting: "Continue running background ...". Firefox does not delete them either, I did not check the "Continue..." setting.Washcloth
T
27

I just had the same problem with a cookie which was set to expire on "Browsing session end".

Unfortunately it did not so I played a bit with the settings of the browser.

Turned out that the feature that remembers the opened tabs when the browser is closed was the root of the problem. (The feature is named "On startup" - "Continue where I left off". At least on the current version of Chrome).

This also happens with Opera and Firefox.

Tichonn answered 8/2, 2013 at 13:3 Comment(5)
This solved the issue straight away for me! Nice to know why things happen the way they do :)Genagenappe
Unacceptable. I don't want Chrome to forget what windows were open, because I all too often accidentally quit Chrome with lots of tabs open. (Thanks OS X for letting me scroll a window that doesn't have focus, leading me to think it DOES have focus. But, different story). If I have to log back in, so be it. To not log me out when I quit deliberately makes it difficult to make sure I'm not logged in anywhere still, which can be a BIG security issue.Phyliciaphylis
At least this option isn't enabled by default. This "feature" is also mentioned in Google Help: "Chrome will also restore your browsing data and session cookies.". IMO this should be an additional sub-option under "Continue where I left off".Hinckley
Incidentally this does not seem to be a "problem" with Opera anymore (tested Opera 22, although I've not noticed it being an issue for at least a version or two). Firefox 29 restores session cookies when the corresponding "Show my windows and tabs from last time" is checked (as per the documentation).Hinckley
@Phyliciaphylis Which doesn't make much sense as most websites using sessions won't allow you back on the page you were on if you've been logged out. So do you want the browser to continue where you left off or not?Larondalarosa
M
23

I just had this issue. I noticed that even after I closed my browser I had many Chrome processes running. Turns out these were each from my Chrome extension.

Under advanced settings I unchecked 'Continue running background apps when Google Chrome is closed' and my session cookies started working as they should.

Still a pain in the rear for all of us developers that have been coding expecting that session cookies would get cleared when the user is done browsing.

Matriarch answered 25/9, 2012 at 22:26 Comment(3)
Ordinarily the "background apps" has nothing to do with session cookie persistence (unless maybe you have an extension that is remembering your session cookies?!). The "Continue where I left off" option in settings also restores session cookies (as mentioned in another answer).Hinckley
It's working, after I disabled that option I get my session cookies cleared!Keitel
This is indeed another reason that causes session cookies not to be deleted. Thanks.Shonda
C
12

I had to both, unchecked, under advanced settings of Chrome :

  • 'Continue running background apps when Google Chrome is closed'
  • "Continue where I left off", "On startup"
Covey answered 11/2, 2015 at 1:49 Comment(2)
This should be voted higher, or the top answer should be edited to include the "running background apps" point. This affected me. Turning off "Continue where I left off" did not fix it. I had to also turn off "Continue running background apps when Google Chrome is closed". Then, my session cookies were being deleted properly when I closed Chrome.Mia
I think that this is indeed the best answer.Shonda
M
11

This maybe because Chrome is still running in background after you close the browser. Try to disable this feature by doing following:

  1. Open chrome://settings/
  2. Click "Show advanced settings ..."
  3. Navigate down to System section and disable "Continue running background apps when Google Chrome is closed". This will force Chrome to close completely and then it will delete session cookies.

However, I think Chrome should check and delete previous session cookies at it starting instead of closing.

Milburt answered 24/10, 2013 at 8:16 Comment(0)
T
3

A simple alternative is to use the new sessionStorage object. Per the comments, if you have 'continue where I left off' checked, sessionStorage will persist between restarts.

Tangleberry answered 21/11, 2013 at 21:56 Comment(3)
No, it does persist between restarts, if you have "Continue where I left off" checked.Chalet
TimDog: "sessionStorage will persist between restarts.", @Chalet "No, it does persist between restarts". Guys, do you agree or argue? I don't understand :) Ah, wait, I get it...Phototypography
Doesn't persist in Chrome 84, "Continue where I left off" flag is irrelevant.Multilingual
I
3

This issue is caused because you are using Continue where I left off and Continue running background apps when Google Chrome is closed feature of chrome (currently my version is 96).

Please consider setting those off (to test functionality).

Illyrian answered 21/12, 2021 at 10:50 Comment(0)
L
2

I had the same problem with "document.cookie" in Windows 8.1, the only way that Chrome deletes the cookie was shutting it from task manager (not a really fancy way), so I decided to manage the cookies from the backend or use something like "js-cookie".

Lenin answered 5/6, 2015 at 21:4 Comment(0)
I
1

Have you tried to Remove hangouts extension in Google Chrome? because it forces chrome to keep running even you close all the windows.

I was also facing the problem but it resolved now.

Irritate answered 14/8, 2013 at 5:49 Comment(0)
A
-2

If you set the domain for the php session cookie, browsers seem to hold on to it for 30 seconds or so. It doesn't seem to matter if you close the tab or browser window.

So if you are managing sessions using something like the following it may be causing the cookie to hang in the browser for longer than expected.

ini_set("session.cookie_domain", 'www.domain.com');

The only way I've found to get rid of the hanging cookie is to remove the line of code that sets the session cookie's domain. Also watch out for session_set_cookie_params() function. Dot prefixing the domain seems to have no bearing on the issue either.

This might be a php bug as php sends a session cookie (i.e. PHPSESSID=b855ed53d007a42a1d0d798d958e42c9) in the header after the session has been destroyed. Or it might be a server propagation issue but I don't thinks so since my test were on a private servers.

Arta answered 17/1, 2018 at 3:0 Comment(0)
Y
-2

I just had this problem of Chrome storing a Session ID but I do not like the idea of disabling the option to continue where I left off. I looked at the cookies for the website and found a Session ID cookie for the login page. Deleting that did not correct my problem. I search for the domain and found there was another Session ID cookie on the domain. Deleting both Session ID cookies manually fixed the problem and I did not close and reopen the browser which could have restored the cookies.

Ybarra answered 7/3, 2019 at 20:31 Comment(0)
W
-2

Go to chrome://settings/content/cookies?search=cookies

Enable Clear cookies and site data when you quit Chrome.

Worked for me

Whereof answered 25/3, 2020 at 18:41 Comment(1)
This is not a solution to clear session cookies, you are deleting every single cookieMultilingual
T
-4

The solution would be to use sessionStorage, FYI: https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage

Tenpin answered 1/12, 2017 at 6:35 Comment(0)
P
-9

Google chrome has a problem if you set and unset cookie improper way. This is php code. Thought this will give you idea.

Set cookie

setcookie('userLoggedIn', 1, 0, PATH);

Wrong way and will not work (notice PATH is missing)

setcookie('userLoggedIn', 0, time()-3600);

Correct way fixes issue on google chrome

setcookie('userLoggedIn', 0, time()-3600, PATH);
Protectionism answered 28/11, 2014 at 16:18 Comment(1)
The question is not about an improper cookie.Sutherland

© 2022 - 2024 — McMap. All rights reserved.