Solved

Google Chrome on iPad Saves Session ID After Close

Posted on 2015-01-15
5
300 Views
Last Modified: 2015-01-22
My experience in the past has been that when you close a browser it deletes the sessionID in php.

But with Google Chrome on the iPad I am noticing that the sessionID is maintained and is not reset. It appears to be saving the sessionID as a cookie and reuses the sessionID even if you close the browser.

My application stores data in a database based on the session ID so this creates a problem for me.

Is there a workaround that would:

a) Keep the same sessionID within a browser session even if you go to a different site. If you come back to the site, the same ID would be used.

b) Keep the same sessionID if you open a second tab on the site.

c) Delete the sessionID if you close the browser.

Or am I missing something really big here with how sessions are supposed to work.

Thanks.
0
Comment
Question by:pkonstan1
  • 2
  • 2
5 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 40551949
The sessionID cookie should remain as long as Any window of the browser is open.  They only expire when ALL browser windows are closed and the program exits.
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 150 total points
ID: 40552009
If old session id is a problem then associate it on the database with a timestamp and if the client comes to the server with an old session then replace it with a new one. You have resource and cognitive control from the server side. You never let the control of a session in which there are possible DB updates to be controlled by the client.

Cd&
0
 

Accepted Solution

by:
pkonstan1 earned 0 total points
ID: 40552347
I agree with both of your comments and that has been my practice and experience for ten years. But i noticed today that the behavior on my iPad was different in that even if Google Chrome was totally closed on the iPad, the session ID was saved as a Cookie. So the next time I opened it up, it loaded that session from the cookie.  I did the following as an experiment to test.

1. Opened up my site and loaded a page or two.
2. Closed the browser completed.
3. Put two lines of code in a php page test.php page.  
print_r($_COOKIE); die ("at stop point");

Open in new window


If I follow these three steps on my desktop, I get an empty cookie.
When I do it on my iPad I get an array returned [0][PHPSESSIONID] jufieefjei7879ef89w7598739

It could be that my iPad also has some other Google things like a search and maps. So if they're based off the same environment maybe that's why the cookie is staying persistent... its as if the browser isn't "really" closed unless all of those other process (as well as maybe some background processes) are killed as well.

What do you think?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40552463
Sounds very likely to me.  Google likes to keep thing running the 'background'.  Chrome on the desktop has an option that you can uncheck to stop allowing it to run things after the browser is closed.
0
 

Author Closing Comment

by:pkonstan1
ID: 40563901
Ultimately it was what I had originally suspected. The two contributors gave some insight that was helpful but it simply brought me back to my original thoughts.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I had to do a bit of research to find the answer to this question so I thought I'd share my results.  Due to our outdated mainframe systems, we need to downgrade IE9 to IE8 in order to stay compatible.  We also needed to downgrade Java.  In order to…
Several part series to implement Internet Explorer 11 Enterprise Mode
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now