Session cookies persist after browser closed
I use a web page that stores session cookies to handle authorization. Once I found it does not ask authorization after a weeks since last one. Cookies view shows one with authorization token with Expires: Session setting. Is it a bug?
Also browser does not clear opened tabs if was not closed manually, but with the system shutdown. Otherwise tabs are cleared OK. Session cookies are not cleared both ways.
Such behaviour appeared near a December 2019, after some Firefox update. How can I fix cookies problem, and if related tabs problem too?
Gewysig op
All Replies (3)
You need to logout properly to clear the session ID on the server and close tabs when you exit/quit Firefox because otherwise this session data (cookies) is stored in sessionstore.jsonlz4 and restored on the next start. Letting Windows close the browser will even more likely cause such issues because you aren't closing the session, so session cookies do not expire.
cor-el said
otherwise this session data (cookies) is stored in sessionstore.jsonlz4 and restored on the next start
This violates Expires cookies contract. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
As I described such behaviour introduced about 2 months ago, so it should be considered as bug.
Any developers can comment here? Or I should open ticket on bugtracker instead?