@Reporter: Does this happen for you on latest chrome stable 64.0.3282.186? Also please let us know on which OS you are seeing this issue? This would help in further triaging of the issue.

cc'ing proberge@ from https://groups.google.com/a/chromium.org/forum/#!topic/chromium-discuss/BaMULvuK674 for further inputs on this.

Thanks!

We should consider not showing the "Thanks for installing" splash screens for extensions installed through Chrome sync. 

@Reporter: can you please respond question from #3?

#4 That would be awesome! Who would be the right contact (from the extensions team) to take over this bug?

I can't believe this -- every single time Chrome releases an update (latest: Version 66.0.3359.117) I have to redesign my OpSec. NOW Chrome is completely amnesic. It doesn't remember any of my cookies or passwords. Starting up the browser is a real pain now. I have to re-login with password and 2FA to every site and Twitter sends me the "you just logged in from a new computer" email. Every single morning! 

The "security" feature of Chrome completely wiping all settings on startup is --> TERRIBLE <-- IS THERE A command line flag that can deactivate this destructive behavior PLEASE!?

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Hi @pinheadmz. If I understand correctly, as of Chrome 66, your cookies and passwords are being reset on every startup when using --user-data-dir=/path/to/removable/device/?

This is surprising: I don't see any changes to src/chrome/browser/prefs/chrome_pref_service_factory.cc which would explain this new behavior. +gab to confirm whether resetting cookies and passwords was intentionally added in M66. 

Correct, since the update last week (Apr 18 or so?) Every time I boot up
chrome and go to Gmail.com I need to enter password and 2FA. Even clicking
yes on Chrome's "save password for this site" popup does not persist to the
next startup, even on the same machine.

I am using the --user-data-dir flag.
I am not "singing in" to chrome.
I am loading ALL my extensions (from disk, in developer mode) with
--load-extension as a work around for the lingering problem of chrome
wiping out all extensions. I found this to be more efficient than signing
in to chrome and letting the browser wipe out, then reinstall all my
extensions on every startup. This has been my workflow for the past few
months until this new obstacle.

Thanks for the clarification - that seems like a pretty serious issue. I'll try to repro it on my side. In the meantime, would you be able to test whether History and Bookmarks are also cleared on every boot up? 

Current theory: Chrome is disregarding the profiles on the removable storage and instead creates a completely new profile on startup. 

History and bookmarks are actually ok!

That's surprising! Do you happen to have some kind of Cookie manager extension or Password manager extension? Perhaps Chrome is delegating control of Cookies and/or Passwords to one of your extensions. 

Some other possibilities:
* Removable storage is getting full or prevents file creation; cookies & passwords files can't be written properly. Could you look on the removable storage whether a "Cookies" file exists in the same folder as your "History" file (should be in %user_data_dir%/Default). Does the file have a non-zero file size?
* The stored profile is somehow corrupted? Could you try to see if creating a new profile (through the user selector to the right of the tab bar) and entering passwords in that profile are properly saved on following startups?

Storage has 3 GB available. Cookies file is in right location with History file. Both of those were "created" on Feb 1, 2017 and modified (as expected) every minute Chrome is open.

Here's my startup bash script for launching Chrome with all my weird flags, and a log I captured of me booting up Chrome, logging in to twitter, restarting Chrome, and logging in to twitter again (it didn't remember me)

Deleted: chrome_debug.log 1.3 MB

chrome_debug.log 1.3 MB View Download

Deleted: zChrome.command 2.6 KB

zChrome.command 2.6 KB Download

Another silly question (please do look into the Cookie manager / Password manager extension question, as well as trying a new profile when you have the time)

Could you navigate to 
chrome://settings/content/cookies and double-check the settings there? If "Keep local data only until you quit your browser" is enabled, it would explain the issue you're seeing.

"Keep local data only until you quit your browser" is off (switch is to the
left, with grey slider)
I tried restarting with NO extensions loaded and got the same results.

Every time I start the browser, and then go to settings, I see:
"Some settings were reset / Chrome detected that some of your settings were
corrupted by another program and reset them to their original defaults.
Learn more"
... even if I haven't moved computers or ejected the removable storage or
anything.

I don't use a password manager or cookie manager but I DO have a few
privacy extensions that might be filtering tracking from Google (uBlock
Origin, Disconnect, Duck Duck Go Extension, HTTPS Everywhere, and NordVPN)
I also have my own home-made extension that just inserts hard-coded
passwords into certain low-security sites that don't even have "remember
me" options.

Thanks for trying out these theories. Did you get a chance to try creating a new profile as well? 

OHHHHH pay dirt! creating a new "person" worked!
My original Person 1 is buggy (corrupted?) but the brand new Person 2 is
stable and remembers what I'm logged in to!
THANK YOU SO MUCH for sticking with me on this. This is very interesting.

As per comment# 20 from the reporter, as the issue is not seen after creating new person(i.e. Person 2), hence closing it and marking it as won't fix.

@Reporter: Please feel free to raise a new issue if you see the issue again.

Thanks!

Update: the issue has NOT been fixed. When I moved to a new computer the
browser (even in the new identity "Person 2") was similarly amnesic.
Every time I restart Chrome, I need to log back in to Google with password
and 2FA, even if "remember password" and "don't ask again on this computer"
are checked.
The settings menu still consistently displays the message "Some settings
were reset / Chrome detected that some of your settings were corrupted by
another program and reset them to their original defaults. Learn more"

There is something fundamentally broken between the security checks Chrome
runs on startup, and the ability to use --user-data-dir

I think several messages ago @proberge mentioned that the "secure
preferences" are signed by the machine or something, and that key or some
of that security data IS NOT stored in the user data dir.

Thanks for the update. One thing that could be interesting: does this new computer have a different Chrome version than the original computer? Maybe the history and/or cookie file format changed from M65 to M66. We would have logic to port the file from the M65 format to M66, but not the other way around. When the file is stored in the M66 format, it would no longer be readable by Chrome M65. 

> I think several messages ago @proberge mentioned that the "secure
preferences" are signed by the machine or something, and that key or some
of that security data IS NOT stored in the user data dir.

Indeed. However, neither the cookies nor the history are stored in "secure preferences" so this sounds like a different issue.

Actually my executable .app is ALSO in my user data dir, so it's always the
same version of Chrome, which moves with me to each machine.
However, the OS versions on each machine might be different.
The bash command is thus:

open `dirname $0`/data/Google\ Chrome.app --args --user-data-dir=`dirname
$0`/data/ --enable-logging --v=1 --load-extension=$S;

Triage!  Looks like proberge@ is investigating this, so marking as assigned.

I did an experiment today to control as many variables as possible and run everything clean, shiny and new.

1) Format fresh USB drive, OSX journaled
2) Create folder "data" on new drive
3) Download latest Chrome: 66.0.3359.139 (64-bit) and drag executable into "data" folder
4) Create shell script "start.command" with following line, save, and `chmod a+x` so it's executable:
     open `dirname $0`/data/Google\ Chrome.app --args --user-data-dir=`dirname $0`/data/ --enable-logging --v=1;

TRIAL 1 - COMPUTER 1 (OSX 10.12.6):
5) Double-click start.command which opens Chrome (with args) for the first time
6) Log in to following sites, clicking "save password" from Chrome pop-up, check "remember me" and "don't ask again on this computer" for all the websites:
     a. Gmail (password + 2FA)
     b. Coinbase (password + 2FA)
     c. Facebook (password)
     d. Twitter (password)
7) Also bookmark all four sites, then navigate around www.newyorktimes.com a bit to generate history
8) Quit

TRIAL 2 - COMPUTER 1 - SAME COMPUTER:
9) Bookmarks and History are still intact from Trial 1
10) Log in to the same 4 websites: No problems or unexpected behavior
     a. Gmail, Coinbase, Facebook all skip login screen and go directly to home page, dashboard, etc.
     b. Twitter doesn't do this, but login and password were saved and pre-filled in the login screen
11) Quit
12) Eject USB drive

TRIAL 3 - COMPUTER 2 (OSX 10.12.6) - DIFFERENT COMPUTER:
13) Insert USB drive, double-click start.command to open Chrome with args
14) Bookmarks and History are still intact from Trials 1 & 2
15) chrome://settings/ displays warning "Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults."
16) Attempt to log in to the 4 websites again
     a. All fail. Nothing remembered. My email address was "suggested" as I started typing it into the login forms but that's it
     b. Twitter and Coinbase even sent me warning emails "login detected from new computer"
17) Quit

I have attached the entire debug log from this entire process

Deleted: chrome_debug.log 2.6 MB

chrome_debug.log 2.6 MB View Download

Thanks proberge@ for helping here. I'm not aware of any changes in M66 in this regard and don't feel I can help much here. Feel free to add my back if you think I can help.

Thanks for the debug logs and the detailed repro steps, it will be very useful.

A quick note: I'm pretty swamped over the next few weeks, please don't expect that I'll be able to investigate and fix the issue anytime soon.

I have the same issue after migrating the Google folder in "~/Library/Application Support" to a different mac.

Is restoring a backup not something chrome supports?
I have no intention of using googles cloud services for this.

I'd really like a "--dont-treat-me-line-an-idiot" flag for chrome.

I get this a lot too: I have two Macs (one at work, one at home) which I boot from the same external drive. Every time I switch chrome gets upset. They're both desktop machines (iMac and Mac Mini) so I can't take one with me like I could with a laptop.

Booting from external drives is a supported way for Macs (unlike Windows) so it would be great to have a way to disable this.

> I'd really like a "--dont-treat-me-line-an-idiot" flag for chrome.

Don't we all :)

However, the feature responsible for "Some settings
were reset / Chrome detected that some of your settings were corrupted by
another program and reset them to their original defaults. Learn more" is a security measure which is used to protect users from malware modifying the user's preferences.
If we were to add a "--dont-treat-me-line-an-idiot" flag, it would be trivial for malware to also set that flag. 

In the grand scheme of things, there's a lot more users getting infected by malware than users who use an external drive for their Chrome install. It's hard to justify weakening the protections of the former in order to improve things for the later. 

There's a few workarounds you could consider:

1. If you don't care about sharing your session between the two physical devices, consider using two different profiles.

2. If you care about sharing your session between the two physical devices, consider using the Sync feature in Chrome. You would still need to use two profiles (one for each device) but they would stay consistent through the Sync feature. 
For the privacy-conscious, I recommend the "encrypt synced data with your own sync passphrase" option. 

I have the same issue too.
If you don’t see the possibility of implementing the usual chrome 'key' witch can turned off the computer’s HWID check , may be make sense release a portable version of the chrome with the permanently disabled check for such cases?