I'm developing an app on localhost using:
Google Chrome 33.0.1750.154 m
XAMPP Version 1.8.3
I've been using these for a while now and today all of a sudden Chrome is not clearing session cookies
when I close the browser (all windows), even after I restart my machine, session cookies
are still set from last session.
I have this code at the top of my page:
<?php
session_start();
if(!isset($_SESSION['userID']))
{
echo "<script>alert('Username does not exist')</script>";
echo '<script type="text/javascript"> window.location="login.html";</script>';
exit(1);
}
?>
Which worked fine, redirecting me to the login page after the browser has been closed, up until a few hours ago.
NOTE:
Tested IE10, IE11, and FF and they DO NOT exhibit the same behavior, they are clearing session cookies
as expected.
I have also verified that the
Continue where I left off...
setting is unchecked.
On your computer, open Google Chrome. Settings. Cookies and other site data. Turn on Clear cookies and site data when you close all windows.
Go to Google Chrome in Computer Configuration. Double-click on the Clear Browsing Data on Exit setting. Choose the Enabled option.
In the Internet Options window, make sure the General tab is selected. In the Browsing history section, check the box next to Delete browsing history on exit (A). Click Apply (B), then click OK (C).
Thanks to KevinB for pointing me in the right direction.
Turns out it wasn't the cookie setting like I thought, I ended up keeping that set to:
Allow local data to be set (recommended)
I remembered that
What ended up fixing this issue was to uncheck the:
Continue running background apps when Google Chrome is closed
setting under the SYSTEM section.
Hope this helps save some headaches....
The "Continue running background apps" option may work, but we cannot expect the users (clients) to do this with their Chrome web browser. My solution was as follows: They click the "Log out" button - this takes them to a page that is pure PHP (no html code) that is scripted:
<?php
session_start();
$_SESSION=array();
$cookie_parameters=session_get_cookie_params();
setcookie(session_name(),'',time() -86400,$cookie_parameters['path'],
$cookie_parameters['domain'],$cookie_parameters['secure'],$cookie_parameters['httponly']);
session_destroy();
header('Location: logout_exit.php');
?>
The "header" part of the code takes them (instantly) to the page "logout_exit.php" (You name your page whatever you like, and can have .html extension rather than .php) And this page is pure html (no php!). Now at this point, if you look in Chrome for cookies, you will see that your cookie is still there! But click following image: Chrome shows cookie deleted, but still there!
The magic is to include a meta tag in your logout_exit.php page (in the header part of the html code) as:
<meta http-equiv="refresh" content="30">
Forcing the browser to automatically refresh (30 = 30 seconds, but choose whatever value you want). Once it's refreshed, if you now look in Chrome, it says "Cookies (0 in use)" and if you click that message, you find the cookie really has been cleared.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With