New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 647408 link

Starred by 1 user

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: ----



Sign in to add a comment

Cookies were kept after restart

Reported by gnexusfi...@gmail.com, Sep 15 2016

Issue description

PRIVACY ISSUE
I have privacy options set to "keep cookies until I quit browser", however, if in some cases I restart my PC without first closing the browser, cookies are kept after I re-open the Chrome, sometimes. I see it as a security threat also, because some sites (eg. Facebook) keep your login status in a cookie, but what if in some cases the browser needs to use cookies for a session (eg. some corporate environment?) however would like them to be deleted and they are not, security risk is there.

VERSION:
Version 53.0.2785.101 m (64-bit) Stable
Operating System: Windows 7 SPI x64, was also able to reproduce in Linux

REPRODUCTION STEPS
Dont quit the browser by close button, instead kill the task with Task manager or just restart the PC, and you can clearly see that in some of the cases cookies are kept, even though the privacy setting is set to keep them for a session.
 

Comment 1 by battre@chromium.org, Sep 16 2016

Components: Internals>Network>Cookies

Comment 2 by mmenke@chromium.org, Sep 16 2016

Cc: msramek@chromium.org bauerb@chromium.org mkwst@chromium.org
CCing a couple people from chrome/browser/browsing_data/OWNERS (Though maybe this should go to a settings owner?  No idea who owns thus stuff)

Comment 3 by mmenke@chromium.org, Sep 16 2016

I think it's worth noting we can't really guarantee anything here, unless we don't save cookies on disk at all when that option is enabled, which would be a pretty big change (And when what do we do when the option is toggled on/off at runtime?  Ick).
Labels: OS-All
Status: Available (was: Untriaged)
This is something worth looking into, although I must reiterate mmenke@'s assessment. Once we save something to the disk, it's difficult to guarantee that we'll succeed to delete it.

Perhaps we could have some kind of mechanism at startup that audits cookies which weren't deleted on shutdown and tries to delete them again. But I'm not that familiar with the area, I think bauerb@ will be.

Otherwise, I can only recommend Incognito if you need to be sure that cookies (and other data) will be deleted at the end of the session.
Project Member

Comment 5 by sheriffbot@chromium.org, Sep 27 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: dullweber@chromium.org
Owner: dullweber@chromium.org
Status: Assigned (was: Untriaged)
Tentatively assigning to dullweber@, who's been investigating when this could happen and if it does often.

Sign in to add a comment