Cookie set via JS to expire when the browser closes isn't expiring

Question

Testing in Firefox and Safari, I've tried both of the following lines. Each sets the cookie, but neither approach expires the cookie after I've closed (then re-opened) the browser. The browser's cookie info says "test" is set to expire, "At end of session", but it doesn't happen.

There are some similar posts about this (e.g, When does a cookie with expiration time 'At end of session' expire?) but nothing has helped or is about setting the the cookie via JavaScript specifically like I'm doing.

// fails to expire after browser closing
document.cookie = "test=1; expires=0; path=/";

// fails to expire after browser closing
document.cookie = "test=1; path=/";

This is interesting. Maybe this is due to some content security setting, e.g., the cookie was initially set in the server response header, and the 'httpOnly' flag was set. Is your server sending set-cookie headers? — lxe, Mar 20 '16 at 22:23
@lxe It actually turned out to be pretty silly. I didn't realize that when you "close" the browser on a mac, there's still a browser process kept alive. You have to explicitly quit the browser. Once I did that, the cookie was gone. — Jim Smith, Mar 22 '16 at 03:18
In Chrome session cookies may not be deleted if the option "Contnue where you left off" is selected in the Browser settings. — Alexander Pravdin, Dec 27 '18 at 08:45

score 0 · Answer 1 · answered Mar 20 '16 at 22:52

0

The expires tag wants to get an UTC-Datestring. You can just use some simple functions I wrote:

setCookie = function(attrib, value, exp_days) {
  var dt = new Date();
  dt.setTime(dt.getTime() + (exp_days*86400000)); // Convert days to ms
  document.cookie = attrib + "=" + value + "; expires=" + dt.toUTCString(); // add attrib=value to the cookie and set an expiration date
}

getCookie = function(attrib){
  var split_cookie = document.cookie.split("; ");
  attrib+="=";
  for(var i=0; i<split_cookie.length; i++)
    if(~split_cookie[i].indexOf(attrib)) // if the attribute is somewhere in the cookie string
    // im using an ugly bitflip operator here, it could as well be an if(...!=-1)
      return split_cookie[i].substring(attrib.length + split_cookie[i].indexOf(attrib),split_cookie[i].length);
  return "";
}

removeCookie = function(attrib){
  setCookie(attrib, "", -1);
}

If you use the removeCookie() function, the value of attrib will be deleted when the current page is left.

answered Mar 20 '16 at 22:52

Chemistree

432
6
11

Thanks. Sadly the same result. What exactly should exp_days be set to if I want it to expire when the browser closes? I've tried 0, 1, -1 and leaving it empty. As for the removeCookie function, I do not want to have to explicitly remove anything. Shouldn't the browser closing automatically take care of the "removing" for me? One thing - I do now see that even after I close the browsers, they still leave a process running. Only once I kill that process, do I find the cookies have finally expired. So, the question is - Is there a browser setting that's causing the session/process to persist? – Jim Smith Mar 21 '16 at 01:44
Update: The open processes were because I'm on Mac, that leaves them open after I've closed the browser. So, my only remaining question again is What exactly should exp_days be set to if I want it to expire when the browser closes? I notice a number like 31572500 works, but why? If 1 means it expires tomorrow, then shouldn't 31572500 expire 31572500 days from now, not at the end of the session? – Jim Smith Mar 21 '16 at 02:16
The Cookie is removed when its value is false ("") or when the value of expires is reached. removeCookie does both of this, so the cookie will be gone when reloading the page (-1 means yesterday, so it will be passed. I'm not sure why 31572500 works, if it isnt an overflow it will probably just result in an invalid date). – Chemistree Mar 22 '16 at 06:49
If you are not sure when you need the cookie anymore, you could just save the value using `let cookieValue = getCookie("name")`, then instantly remove the cookie using `removeCookie("name")` and then use cookieValue to do whatever you want. Once you close your browser, the cookie is already gone and the value of the variable is dropped. – Chemistree Mar 22 '16 at 06:49
Storing cookie value in a variable and dropping cookie itself mean its value will be lost on any page reload, not on browser close. – Alexander Pravdin Dec 27 '18 at 01:18
@AlexanderPravdin That's wrong. https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie – Chemistree Dec 27 '18 at 08:05
@Chemistree I can't find anything about variables available across page loads in the page you provided. Could you mention the exact place on the page please? – Alexander Pravdin Dec 27 '18 at 08:43
@AlexanderPravdin document.cookie is not a normal variable. Literally the first paragraph states "Document.cookie Get and set the cookies associated with the current document." The rest of the page is explaining how to do that exactly. – Chemistree Dec 27 '18 at 08:45
@AlexanderPravdin that is, assignig to document.cookie will add a cookie, reading from it yields a list of all cookies. – Chemistree Dec 27 '18 at 08:48
You were telling about storing cookie value in the local variable let cookieValue = ... and removing cookie itself. I mentioned this will work unless the page is reloaded. On page reload the cookieValue will be lost. I can't understand what are you talking about now, sorry. – Alexander Pravdin Dec 27 '18 at 08:50
@AlexanderPravdin well nobody said that this will persist after a page reload - you may want to read that again. – Chemistree Dec 27 '18 at 09:17
That's the nonsense regarding to the Author's question. Doesn't it? – Alexander Pravdin Dec 27 '18 at 11:33

score 0 · Answer 2 · answered Mar 22 '16 at 22:23

0

I didn't realize that when you "close" the browser on a mac, there's still a browser process kept alive. You have to explicitly quit the browser. Once I did that, the cookie was gone.

answered Mar 22 '16 at 22:23

Jim Smith

161
5
18

score 0 · Answer 3 · answered Oct 20 '21 at 20:13

"Warning: Many web browsers have a session restore feature that will save all tabs and restore them the next time the browser is used. Session cookies will also be restored, as if the browser was never closed."*

You could try using Max-Age=0

"A zero or negative number will expire the cookie immediately."*

*Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Cookie set via JS to expire when the browser closes isn't expiring

3 Answers3