UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
I have a website that sets the src of an img and then quickly changes it. This (appropriately causes Chrome to cancel the request to the first src). 

However, if the Chrome Dev Tools are open to the Network tab, an additional request is made the original (cancelled) URL. I think this is to so an icon thumbnail of the image. But this request does not contain the cookie HTTP header, causing the server to generate an new session cookie. And Chrome stores this cookie, destroying the users original session.

I've attached a simple server that can be run with node.js to demonstrate the problem.

What is the expected behavior?
No side effects from using Dev Tools.

What went wrong?
Dev Tools should not have side effects, like creating additional requests. If Dev Tools must create a request, it should send the cookies.

Did this work before? N/A 

Chrome version: 69.0.3497.100  Channel: stable
OS Version: 10.0
Flash Version: 

The behavior is not totally reliable. Sometimes the additional request contains the headers. Sometimes Chrome keeps both the original session cookie and the new one. Then subsequent request would have two cookie headers.
 

Deleted: test.js 2.1 KB

test.js 2.1 KB View Download