I'm developing an app on localhost using:
Google Chrome 33.0.1750.154 m
XAMPP Version 1.8.3
I've been using these for a while now and today all of a sudden Chrome is not clearing
session cookies when I close the browser (all windows), even after I restart my machine,
session cookies are still set from last session.
I have this code at the top of my page:
Which worked fine, redirecting me to the login page after the browser has been closed, up until a few hours ago.
Tested IE10, IE11, and FF and they DO NOT exhibit the same behavior, they are clearing
session cookies as expected.
I have also verified that the
Continue where I left off...
setting is unchecked.
Thanks to KevinB for pointing me in the right direction.
Turns out it wasn't the cookie setting like I thought, I ended up keeping that set to:
Allow local data to be set (recommended)
I remembered that
What ended up fixing this issue was to uncheck the:
Continue running background apps when Google Chrome is closed
setting under the SYSTEM section.
Hope this helps save some headaches....
The "Continue running background apps" option may work, but we cannot expect the users (clients) to do this with their Chrome web browser. My solution was as follows: They click the "Log out" button - this takes them to a page that is pure PHP (no html code) that is scripted:
<?php session_start(); $_SESSION=array(); $cookie_parameters=session_get_cookie_params(); setcookie(session_name(),'',time() -86400,$cookie_parameters['path'], $cookie_parameters['domain'],$cookie_parameters['secure'],$cookie_parameters['httponly']); session_destroy(); header('Location: logout_exit.php'); ?>
The "header" part of the code takes them (instantly) to the page "logout_exit.php" (You name your page whatever you like, and can have .html extension rather than .php) And this page is pure html (no php!). Now at this point, if you look in Chrome for cookies, you will see that your cookie is still there! But click following image: Chrome shows cookie deleted, but still there!
The magic is to include a meta tag in your logout_exit.php page (in the header part of the html code) as:
<meta http-equiv="refresh" content="30">
Forcing the browser to automatically refresh (30 = 30 seconds, but choose whatever value you want). Once it's refreshed, if you now look in Chrome, it says "Cookies (0 in use)" and if you click that message, you find the cookie really has been cleared.
©2020 All rights reserved.