RoR sessions in ubuntu's chrome

Question

I have a problem with sessions in ruby-on-rails. It appears when using Chrome(27.0.1453.93) and Ubuntu 12.10.

Here is my code:

if remember == '1'
      cookies.permanent.signed[:remember_token] = [user.id, user.salt]
    else
      session[:remember_token] = [user.id, user.salt]
    end

I log in without 'remember', then I restart Chrome (on Ubuntu), and session data is not lost, meanwhile restarting Mozilla clears session data.

Could you explain what is happening here, please?

I want to have the same behavior in both browsers!

score 1 · Accepted Answer · edited May 23 '17 at 11:50

This is because Chrome is (incorrectly, from a security standpoint) not releasing the session cookie after closing. See Chrome doesn't delete session cookies for more info on this. Note that if FireFox crashes and offers to 'restore the open sessions' for you, it will do a similar thing (again, incorrectly). Other popular browsers don't appear to have this issue at this time.

This incorrect behavior isn't likely to be fixed anytime soon either - see http://code.google.com/p/chromium/issues/detail?id=128513

RoR sessions in ubuntu's chrome

1 Answers1