Chrome Doesn't Delete Session Cookies

Chrome doesn't delete session cookies

This can be caused by having Chrome set to Continue where you left off.

Further reading

• Bug report: Chrome is not deleting temporary cookies – i.e. not logging me out automatically when I close all browser Windows
• Issue 128513 in Chromium: Session Cookies not cleared when Chrome processes closed
• Issue 128567: Session only cookies don't delete

Chrome not clearing SESSION COOKIES on close/exit

Thanks to KevinB for pointing me in the right direction.

Turns out it wasn't the cookie setting like I thought, I ended up keeping that set to:

Allow local data to be set (recommended)

I remembered that

Google NOW

had recently been installed on my machine, and that I allowed it to run in the background when I did not have my browser open, I believe this was the culprit to my session cookies not being cleared.

What ended up fixing this issue was to uncheck the:

Continue running background apps when Google Chrome is closed

setting under the SYSTEM section.

Hope this helps save some headaches....

workaround for session cookies not being removed in chrome

You can maybe use sessionStorage to store your flag? http://www.w3schools.com/html/html5_webstorage.asp

Or is this information required to be sent to the server on every request?

Google Chrome Session Cookie's Workaround

Taking from other posts on stackoverflow as well as taking the comments on my question about re-working the app, I combined some posts to clear cookies and the session variables after 1 hour.

Credit:

• How do I expire a PHP session after 30 minutes?
• Best way to completely destroy a session - even if the browser is not closed

• http://php.net/manual/en/function.setcookie.php

  if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
  
      if (ini_get("session.use_cookies")) {
          $params = session_get_cookie_params();
          setcookie(session_name(), '', time() - 42000,
              $params["path"], $params["domain"],
              $params["secure"], $params["httponly"]
          );
      }
  
      if (isset($_SERVER['HTTP_COOKIE'])) {
          $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
          foreach($cookies as $cookie) {
              $parts = explode('=', $cookie);
              $name = trim($parts[0]);
              setcookie($name, '', time()-1000);
              setcookie($name, '', time()-1000, '/');
          }
      }
  
      session_unset();
      session_destroy();
  
      echo '<script>window.location= "login.php?pre_action=session_expired";</script>';
  }
  $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
  

I delete cookies file in chrome but i'm still logged in after I restart Chrome

There are two main reasons why your browser ist still authenticating you: You may have not deleted the cookies (for example when deleting the file while Chrome was still running). Check that the Cookies actually have been deleted: In Chrome open the menu, then choose Settings, click "Show Advanced Settings", in the "Privacy" section, click "Content settings". The "Cookies" section should show them (or not).

Not all autologins operate through cookies. Chrome can store passwords and login-pages can still sit in the cache. So try this: Check that the passwords for the sites in question are not saved: In Chrome open the menu, then choose Settings, click "Show Advanced Settings", under "Passwords and forms", click "Manage passwords". Empty the cache: In Chrome open the menu, then choose History. Now you can "Clear Browsing Data".

Restore session cookies from google chrome userdir ( =20)

Hmm, there seems to be "Cookies" file in UserDir of Chrome:

Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default

Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default

This file is in SQLite database (can be opened by many tools, for example sqlitebrowser.org/). There is table "cookies" with (at april 2015, M42 version in stable):

INTEGER creation_utc
TEXT host_key
TEXT name
TEXT value
TEXT path
INTEGER expires_utc
INTEGER secure
INTEGER httponly
INTEGER last_access_utc
INTEGER has_expires
INTEGER persistent
INTEGER priority
BLOB encrypted_value

"value" text field of many recent cookies is empty; cookie value is stored in encrypted_value BLOB (I think, there was switch to encrypted storage of cookies some time ago - commited in February 2014, issue 313323 - older cookies are stored unencrypted, even secure ones). Session cookies are in the file too.

Encryption is enabled for (MAC) OS X and Windows:

Encrypt all stored cookies on selected operating systems.

As part of the goal of protecting private user information, this encrypts the cookie values on operating systems with user-specific crypto APIs and that do not otherwise protect this data.

Performance tests indicate a penalty of about 1ms per cookie (regardless of size) on a Mac and 0.1ms to 0.7ms (depending on the size) under Windows. This will be higher on older hardware but still insignificant.

Encrypted data is binary (with an overhead of 128 bytes on Windows) and binary data must be stored in a BLOB so only one of two fields ("value" or "encrypted_value") will have data with the other being empty. Both values, however, need to be read & written when accessing a cookie because they are marked "non null").

There are several decryption tools on overflow:
* For Windows: Encrypted cookies in Chrome
* For Linux and OS X: Decrypt Chrome Linux BLOB encrypted cookies in Python; Decrypting Chromium cookies

There is also "Current Session" file, protected when Chrome is running with 0x534e5353 0x01 (SNSS\0x01) magic. Some info about format is here: https://github.com/JRBANCEL/Chromagnon/wiki/Reverse-Engineering-SNSS-Format (source - chrome/browser/sessions/session_command.h)

---

Related Topics