2

When the user logs in the session cookie expiration value is missing. Therefore when the session begins it ends immediately. This only happens in Chrome, I am using the latest version of Chrome 71.035.

This was working fine until the 27th, and there has been no change to code in any way for the last 3 weeks.
The session expiration value is present in Firefox and IE and it works absolutely fine there.

Below are the response cookies:

In Chrome:
Set-Cookie: arkku.session_until=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000; secure; HttpOnly; SameSite=Lax

Set-Cookie: arkku.session=BAh7BkkiD3Nlc3Npb25faWQGOgZFVEkiRWY1NWM4ZWE3OTQwNGY2OTRiYjQx%0ANGU0ZWRlZDQ2Mzc1ZWI4YjcxMDU2NzhiOWY2YzlkNzZmMGEzOThkM2QyMzcG%0AOwBG%0A--28332b90945ff110102d7869ab31458d3583798d; path=/; expires=Sun, 31 Mar 2019 08:43:10 -0000; secure; HttpOnly; SameSite=Lax

In Firefox:
Set-Cookie: arkku.session_until=IjIwMTgtMTItMzFUMTI6MzQ6NTErMDI6MDAi--bde9eb54c68113310441353c9547b8a2d501835d; path=/; secure; HttpOnly; SameSite=Lax

Set-Cookie: arkku.session=BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiRTRlZmU3NjU4OWQzYTFiZmFmMmEz%0AYWFmZjA3ZTU1YzM3MzI3Yzc3YTJjYjI0YjBkNjBmNWM4NWQ1ZjgwMDk0MDIG%0AOwBGSSIPYXJra3VfdXNlcgY7AEZDOhdPbW5pQXV0aDo6QXV0aEhhc2h7CUki%0ADXByb3ZpZGVyBjsARkkiGWF6dXJlYWN0aXZlZGlyZWN0b3J5BjsARkkiCHVp%0AZAY7AEZJIjBWem9POFg3RmNEalp0M2s1ZDVlaExjejlybEtpejJCRmp1ZWdZ%0ASXVlMktvBjsAVEkiCWluZm8GOwBGQzohT21uaUF1dGg6OkF1dGhIYXNoOjpJ%0AbmZvSGFzaHsHSSIJbmFtZQY7AEZJIhFIYW16YSBXYWhlZWQGOwBUSSIKZW1h%0AaWwGOwBGSSIcaGFtemEud2FoZWVkQHNhbm9tYS5jb20GOwBUSSIPdXNlcmdy%0Ab3VwcwY7AEZDOwZ7BkkiDnVzZXJncm91cAY7AEZJIgpBRE1JTgY7AFQ%3D%0A--93133ef84469a8230c43d31950da38be7925bf27; path=/; expires=Sun, 31 Mar 2019 09:04:51 -0000; secure; HttpOnly; SameSite=Lax

As you can see the arkku.session_until value in Chrome is missing.

I have noticed that the arkku.session_until value is returned null in response to an ajax request, this cookie value is present in the request headers.

Hamza Sanoma
  • 21
  • 2
  • When I had this problem, it was mostly caused by some extension, e.g. "privacy badger". Did you try it in a pristine chrome profile? – moritz Dec 31 '18 at 17:08
  • I have tried with disabling all my extensions on chrome and still the same issue. – Hamza Sanoma Jan 03 '19 at 10:19

1 Answers1

1

This can be caused by having Chrome set to "Continue where you left off."

enter image description here

Check under Settings > On startup > Continue where you left off.

Other possible causes:

  • Your environment uses an http endpoint but requires https in the web.config

    < httpCookies httpOnlyCookies="true" requireSSL="true" />

(Chrome52+ and Firefox52+ can't set insecure http sites with the secure directive anymore, so expiration requests will be ignored by the browser.)

Marilee Turscak - MSFT
  • 7,367
  • 3
  • 18
  • 28