Evan
Reputation: 6123
When are session cookies deleted by the browser?
If I set a cookie as a session cookie (no expires/max-age value), when does the browser remove the cookie?
I know that it is removed when the browser is closed but I'd like to know if there is ever a case where a session cookie can timeout or expire before the browser is closed.
Upvotes: 11
Views: 6119
Answers (1)
CodeCaster
Reputation: 151586
To quote RFC 6265:
If a cookie has neither the Max-Age nor the Expires attribute, the user agent will retain the cookie until "the current session is over" (as defined by the user agent).
And:
The user agent is not required to retain the cookie for the specified duration. In fact, user agents often evict cookies due to memory pressure or privacy concerns.
So: your mileage may vary.
Upvotes: 14
Related Questions
- When will my cookie actually expire?
- How to delete cookies on an ASP.NET website
- What is the lifetime for a session cookie?
- If you don't set an expiration for a cookie, will it be lost when the browser is closed?
- ASP.Net delete/expire session cookies
- Where is session stored if cookie is disabled on client's machine? What is actually stored in session?
- Created cookie in code, deleted cookie from browser, page can still read the deleted cookie. How?
- Should a web browser delete all `session' (expiry = 0) cookies on exit?
- Authentication/Session cookie deleting after browser close
- if cookies are disabled, does asp.net store the cookie as a session cookie instead or not?