When does a cookie with expiration time 'At end of session' expire?

Question

There is a session cookie with expiration time which says 'At end of session'. When exactly does it expire or will it be alive forever?

This is entirely up to the user agent, i.e. the user's browser, but usually, that will indeed be when the browser is closed. — caw, Jul 13 '16 at 00:18

James · Answer 1 · 2016-08-31T12:52:01.800

104

Cookies that 'expire at end of the session' expire unpredictably from the user's perspective!

On iOS with Safari they expire whenever you switch apps!

On Android with Chrome they don't expire when you close the browser.

On Windows desktop running Chrome they expire when you close the browser. That's not when you close your website's tab; its when you close all tabs. Nor do they expire if there are any other browser windows open. If users run web apps as windows they might not even know they are browser windows. So your cookie's life depends on what the user is doing with some apparently unrelated app.

edited Aug 31 '16 at 12:52

answered Apr 05 '16 at 09:09

James

5,635
2
33
44

1

That's not my observation on iOS (10.2.1) – Myster Jun 06 '17 at 22:41
1

@Myster thanks for the observation. My observations were from older version. What does iOS 10.2.1 do? – James Jun 12 '17 at 11:29
2

i just want to add that it doesn't expire on Chrome for Mac. though i've set it as "continue where you left". but, i've already closed the browser tab for that domain, then restarted Chrome. the session cookie i set still exists. – bonbon.langes Sep 12 '17 at 11:45
This is useful to know. – Raimonds Apr 04 '18 at 11:32
4

Is there a good website documenting the different behavior? – Benedikt Sep 02 '20 at 11:57
2

@Benedikt https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie – C-Y Oct 22 '21 at 04:37

score 72 · Accepted Answer · edited Apr 13 '21 at 22:17

72

When you use setcookie, you can either set the expiration time to 0 or simply omit the parameter - the cookie will then expire at the end of session (ie, when you close the browser).

edited Apr 13 '21 at 22:17

syntagma

23,346
16
78
134

answered Nov 09 '10 at 09:28

mingos

23,778
12
70
107

The case is:- I have two pages which uses different cookies. one is set to expire in 30 minutes and another is set to At end of session. suppose Both cookie are active right now but I am viewing a page for which we set 30 minutes and I have not gone to another page for a while. What this means? Is it something like a closing browser for the page which I have not viewed? – Shakti Singh Nov 09 '10 at 09:47
6

Please forgive me, I don't understand the question :/ Page A has a cookie with expire time = 0, page B has a cookie with expire time = 30 minutes. This means that if you close your browser, cookie A will be deleted, but cookie B will stay. If you don't close the browser in 30 minutes, cookie B will expire, but cookie A will remain active. Even if cookie B expires while you're viewing page B, nothing will happen in most cases, as the cookie will probably recreated as soon as you reload the page or visit another one within the same site. I hope at least some of this answers your question :| – mingos Nov 10 '10 at 23:42
@mingos I am wondering why, when I only close the tab, I lose the cookie. I thought it was supposed to die when you close the browser? – IPSDSILVA Jun 27 '20 at 00:23
Note that I posted the original answer 10 years ago. Back then, process separation between browser tabs was not present in all browsers (I think only Chrome had this feature back then, though I'm not 100% sure about Firefox). So essentially, closing the browser was synonymous with "ending the process running the browser", while closing the tab wasn't guaranteed to be. Nowadays a tab is a separate process and I would risk a wager that this is what's going on in your case: when you close the tab, you end the process, so temp data and session storage are cleared. – mingos Jun 29 '20 at 10:30
1

To follow up: I'm only guessing, so take my above comment with a grain of salt. All in all, I think we can agree on the fact that the "browse session" is not clearly defined between browsers and devices, so it's implemented in a rather unpredictable manner. Please compare with the other answers in this thread. – mingos Jun 29 '20 at 10:34
So user can save the cookie value before closing the browser and reuse it forever by reusing the same value again? – Muhammad Saqib Jan 24 '22 at 17:51

score 18 · Answer 3 · edited Jan 08 '16 at 19:03

Just to correct mingos' answer:

If you set the expiration time to 0, the cookie won't be created at all. I've tested this on Google Chrome at least, and when set to 0 that was the result. The cookie, I guess, expires immediately after creation.

To set a cookie so it expires at the end of the browsing session, simply OMIT the expiration parameter altogether.

Example:

Instead of:

document.cookie = "cookie_name=cookie_value; 0; path=/";

Just write:

document.cookie = "cookie_name=cookie_value; path=/";

score 9 · Answer 4 · edited May 28 '15 at 18:07

9

End of the user session means when the browser is shut down.

Read this: http://en.wikipedia.org/wiki/HTTP_cookie#Expires_and_Max-Age

edited May 28 '15 at 18:07

robisrob

940
12
23

answered Nov 09 '10 at 09:28

shamittomar

46,210
12
74
78

9

Not anymore. Chrome 80.0.3987.122 on Win10 can shut down and when you turn it on, it restores session. In other words, you have to log out, to make sure account is shut. – Jeffz Mar 02 '20 at 09:54

score 0 · Answer 5 · answered Mar 29 '23 at 11:53

If I set a session cookie, then close the tab, then also close the browser and restart, the cookie is still present.

This is really a browser configuration, see here: Chrome doesn't delete session cookies

I tested this with Chrome and Firefox in Fedora Linux.

When does a cookie with expiration time 'At end of session' expire?

5 Answers5

Linked