Chrome is accessing links in webpages that were not clicked

Question

I spent the day debugging my website, because I seem to be getting randomly logged out, but just on Chrome on Android.

After reviewing the server logs, I see requests from my Android tablets IP hitting my server for links that I never clicked on. After some experimentation I see every couple of links I click, Chrome will fetch another link at random in the page that was not clicked.

The issue is that there is an a link in the page with an href="logout" which will sign in, and Chrome calls this all on its own, disconnecting the session. I suppose if I changed the link to call a POST operation Google would not fetch it, but I can't see why Google would be fetching links that were not clicked.

This is very odd, and does not occur on Firefox, or Chrome on Windows.

Not sure if this is some sort of virus on the tablet, or some thing Google is doing to check the content of pages that it would not have access to without the session. I have seen Google do this before, but only when there were Google ads in the page, then Google would fetch the links twice so that it could get the page content to choose the ad. This seems a huge privacy issue, as Chrome is fetching private data from the session.

Answer 1

So the issue is that Chrome is using a new feature "prefetching". This is a "feature" that will have Chrome randomly fetch any linked URL from the page. This seems like a very error prone "feature" for Chrome to enable by default. Seems like it could give the user cached or stale data, or change the server's state causing obscure difficult to debug issues. This will also use double the amount of the user's data (and server's CPU), which you would think would not be desirable to most users that pay for their data.

I confirmed this by disabling the feature in Chrome. My solution was to switch the logout call to use a POST through a element.

See, https://www.technipages.com/google-chrome-prefetch