Using Google Translate, I think this report is complaining that users can (via Settings) configure which sites to delete cookies for when exiting Chrome, but Chrome session restore (when you turn off or reboot your computer) does not respect this and leaves web pages open and signed in.

 pauljensen - exactly

Note that this would be considered a privacy issue, not a security bug.  If someone can log into your local system and use chrome, they can do all sorts of things, like install extensions that secretly safe cookies, or just change the option to clear cookies.

If Chrome doesn't exist cleanly, it can't delete cookies (Since it's no longer running).  If this is a clean system shutdown, though, seems like we should be deleting them.  Not sure who owns this code, currently.

Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Still available.

As discussed above, Chrome can't delete cookies if it doesn't exit cleanly, however, there are still some mitigations to explore such as finishing the cleanup on startup.

I looked into this issue and it seems like SessionOnly cookies are only deleted if the Browser is closed with Menu->Exit. 

The cookies aren't cleared on system shutdown but they are also not cleared if the last window of Chrome is closed.

DeleteSessionOnlyData() is called from different places each time. I created a document with stacktraces:
https://docs.google.com/a/google.com/document/d/1vfre7kA6gpQjfosWy3W0SV71psPs8Qt5pgkDxZBgpeg/edit?usp=sharing

Sounds like this is a sessions issue, rather than something cookie-specific.

Curiously, that IsTryingToQuit check has been around since that class was added, back in https://codereview.chromium.org/25414005/, with no questions or comments about the shutting down check.

[+sammc]:  Don't suppose you can remember the reason for the IsTryingToQuit check?

I removed the IsTryingToDelete check and it looks like everything is working fine when I close Chrome in various ways. 
 
The only issue seems to be that DeleteSessionOnlyData() would be executed twice if Chrome is closed via Menu->Exit.

https://chromium-review.googlesource.com/c/chromium/src/+/641458

After playing with different kinds of cookies and closing Chrome in different ways it seems like closing Chrome works fine but it is confusing:

1. Create SESSION_ONLY content setting for some domain
2. Create a cookie with expiration date

Menu>Exit -> SessionDataDeleter::Run is called and deletes cookies

Close Window -> SessionDataDeleter::Run is not called but cookies still disappear because
                QuotaPolicyCookieStore::~QuotaPolicyCookieStore does another round of cleanup

That means closing Chrome work correctly but I don't understand why SessionDataDeleter runs only in one of these cases.

Then there is another case: 
Chrome can be restarted without deleting sessions using e.g. chrome://restart, which calls UserSessionManager::AttemptRestart 
This disables QuotaPolicyCookieStore cleanup using QuotaPolicyCookieStore::SetForceKeepSessionState and relies on SessionDataDeleter being disabled through IsTryingToQuit, so we can't just remove this flag.

I'm still not sure what is happening on shutdown or logout and will try to investigate this more.

Issue 827820 has been merged into this issue.