CODEWITHSUNDEEP
phpgoogle-chromesessioncookies
Nadav
Nadav

Reputation: 1145

Chrome not destroying native session on window close

I have encountered a troubling issue: chrome is not destroying native sessions when closing tabs or the entire chrome browser. This happens if the "continue where you left" option is selected in Chrome's settings. I would like to find a way to make sure Chrome is destroying the session (deleting the session cookie) regardless of how users configure their individual Chrome settings.

Here is a sample code I am using to test the existence of a session:

<?php 
    session_start(); 
    if ( isset($_SESSION['check'])) echo 'An active session was found.';
    else
    {
        $_SESSION['check'] = TRUE;
        echo 'An inactive session was found and activated.';
    }
?>

To test the session-destroying functionality of the browser I open this code in a browser, then close the browser and reopen it. The output after this process is as follows:

Firefox: An inactive session was found and activated.
Explorer: An inactive session was found and activated.
Chrome: An active session was found.

How can I make sure the session is properly destroyed when the tab or browser are closed?

Upvotes: 0

Views: 613

Answers (1)

zerkms
zerkms

Reputation: 254916

From how I interpret the RFC 6265 browsers are not required to drop so called "session cookies" (those that don't have expiration date set) on their process shutdown.

So it makes sense to not rely on a particular implementation but on specification.

In your case it means: it's not possible to do what you want; you need to rethink your solution.

Upvotes: 1

Related Questions