Asked  7 Months ago    Answers:  5   Viewed   178 times

I'm trying to set session cookie in javascript like this:

document.cookie = 'name=alex; path=/'

But Chrome doesn't delete it even if I quit browser and launch it again.

I checked in Firefox and Opera and both work as intended - they delete session cookie on browser exit.

Is Chrome just ignoring expiration rules?

I checked in multiple OSes and found out that session cookie gets removed on Chrome in Windows XP and Ubuntu, but NOT in Mac OSX Lion.

 Answers

48

This can be caused by having Chrome set to Continue where you left off.

enter image description here

Further reading

  • Bug report: Chrome is not deleting temporary cookies – i.e. not logging me out automatically when I close all browser Windows
  • Issue 128513 in Chromium: Session Cookies not cleared when Chrome processes closed
  • Issue 128567: Session only cookies don't delete
Tuesday, June 1, 2021
 
etsous
answered 7 Months ago
40

I have run into this before and was equally confused. Since a few months ago Chrome has prefetching enabled. So to speed up perceived speed to users, it crawls most links on the page and retrieves and renders them partially in advance. Great for end users since if you're on broadband it can really reduce page change times.

Unfortunately for us web developers, it leads to confusion like the above. This happens for example when a Chrome user visits a website and has not yet been assigned a cookie or session, but the browser has pre-fetched multiple pages and been assigned multiple sessions.

So let's say someone visits a page with links to different areas of your PHP script, and the script is designed to assign a cookie to all visitors...if Chrome fetches two of those pages simultaneously or close to it, PHP will end up assigning different sessions because another thread in Chrome will basically require a new session/cookie before the other assignment has been completed.

There are two solutions I'm aware of: One is Google's JavaScript API for handling prerendering, which I haven't found to be particularly good. The other way is to perform more stringent checking when handing out sessions and cookies from PHP. Either don't assign sessions to guest users, or add some additional checks (IP, hostname, whatever).

Hope that helps.

Friday, May 28, 2021
 
MoarCodePlz
answered 7 Months ago
68

Thanks to KevinB for pointing me in the right direction.

Turns out it wasn't the cookie setting like I thought, I ended up keeping that set to:

Allow local data to be set (recommended)

I remembered that

Google NOW

had recently been installed on my machine, and that I allowed it to run in the background when I did not have my browser open, I believe this was the culprit to my session cookies not being cleared.

What ended up fixing this issue was to uncheck the:

Continue running background apps when Google Chrome is closed

setting under the SYSTEM section.

Hope this helps save some headaches....

Wednesday, August 11, 2021
 
previous_developer
answered 4 Months ago
41

let me give you a solution. i have used the cookies for storing most of the values here and is very much working in all browsers and is stored for the particular mentioned time. for this i have used static classes to be accessible every where.

I have also encoded and decoded here. but you can store this by removing encoding and decoding and passing normal. Here's my code

Here i put my class with the static methods. I used HttpSecureCode with Encode and Decode using machine key cryptography. which might not be available by default in this case. you can directly put the value instead.

If you are very particular about using HttpSecureCode then use this link for building up your class

public class CookieStore
{
    public static void SetCookie(string key, string value, TimeSpan expires)
    {
        HttpCookie encodedCookie = HttpSecureCookie.Encode(new HttpCookie(key, value));

        if (HttpContext.Current.Request.Cookies[key] != null)
        {
            var cookieOld = HttpContext.Current.Request.Cookies[key];
            cookieOld.Expires = DateTime.Now.Add(expires);
            cookieOld.Value = encodedCookie.Value;
            HttpContext.Current.Response.Cookies.Add(cookieOld);
        }
        else
        {
            encodedCookie.Expires = DateTime.Now.Add(expires);
            HttpContext.Current.Response.Cookies.Add(encodedCookie);
        }
     }
    public static string GetCookie(string key)
    {
        string value = string.Empty;
        HttpCookie cookie = HttpContext.Current.Request.Cookies[key];

        if (cookie != null)
        {
            // For security purpose, we need to encrypt the value.
            HttpCookie decodedCookie = HttpSecureCookie.Decode(cookie);
            value = decodedCookie.Value;
        }
        return value;
    }

}

using these you can easily store values in cookie and fetch value whenever required

using these methods is as simple as

For Setting Cookie:

CookieStore.SetCookie("currency", "GBP", TimeSpan.FromDays(1)); // here 1 is no of days for cookie to live

For Getting Cookie:

string currency= CookieStore.GetCookie("currency");
Monday, August 23, 2021
 
Marco Pierucci
answered 4 Months ago
67

The main difference is that when you use cookie[:foo] = 'bar' the user is able to see the value for the cookie, i.e. 'bar'. When you use session[:foo] = 'bar' the value will be encrypted by rails and stored in the _myapp_session cookie.

You would use the cookie[] format when the information you want to store is not bound to the session, e.g. when the users selects the preferred language.

You would use the session[] format when you want to store information that is related to the current session, e.g. the id of the the user.

Friday, September 3, 2021
 
Ramazan Polat
answered 3 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :  
Share