Chrome not clearing SESSION COOKIES on close/exit

Question

I'm developing an app on localhost using:

Google Chrome 33.0.1750.154 m

XAMPP Version 1.8.3

I've been using these for a while now and today all of a sudden Chrome is not clearing session cookies when I close the browser (all windows), even after I restart my machine, session cookies are still set from last session.

I have this code at the top of my page:

<?php
session_start();
if(!isset($_SESSION['userID']))
{
        echo "<script>alert('Username does not exist')</script>";
        echo '<script type="text/javascript"> window.location="login.html";</script>';
        exit(1);
}
?>

Which worked fine, redirecting me to the login page after the browser has been closed, up until a few hours ago.

NOTE:

Tested IE10, IE11, and FF and they DO NOT exhibit the same behavior, they are clearing session cookies as expected.

I have also verified that the

Continue where I left off...

setting is unchecked.

Anybody know what's going on here and how to fix it?

Answer 1

Thanks to KevinB for pointing me in the right direction.

Turns out it wasn't the cookie setting like I thought, I ended up keeping that set to:

Allow local data to be set (recommended)

I remembered that

Google NOW

had recently been installed on my machine, and that I allowed it to run in the background when I did not have my browser open, I believe this was the culprit to my session cookies not being cleared.

What ended up fixing this issue was to uncheck the:

Continue running background apps when Google Chrome is closed

setting under the SYSTEM section.

Hope this helps save some headaches....

Answer 2

The "Continue running background apps" option may work, but we cannot expect the users (clients) to do this with their Chrome web browser. My solution was as follows: They click the "Log out" button - this takes them to a page that is pure PHP (no html code) that is scripted:

<?php
 session_start();
 $_SESSION=array();
 $cookie_parameters=session_get_cookie_params();
 setcookie(session_name(),'',time() -86400,$cookie_parameters['path'],
 $cookie_parameters['domain'],$cookie_parameters['secure'],$cookie_parameters['httponly']);
session_destroy();
header('Location: logout_exit.php');
?>

The "header" part of the code takes them (instantly) to the page "logout_exit.php" (You name your page whatever you like, and can have .html extension rather than .php) And this page is pure html (no php!). Now at this point, if you look in Chrome for cookies, you will see that your cookie is still there! But click following image: Chrome shows cookie deleted, but still there!

The magic is to include a meta tag in your logout_exit.php page (in the header part of the html code) as:

<meta http-equiv="refresh" content="30">

Forcing the browser to automatically refresh (30 = 30 seconds, but choose whatever value you want). Once it's refreshed, if you now look in Chrome, it says "Cookies (0 in use)" and if you click that message, you find the cookie really has been cleared.