Solved

Google Chrome on iPad Saves Session ID After Close

Posted on 2015-01-15
5
304 Views
Last Modified: 2015-01-22
My experience in the past has been that when you close a browser it deletes the sessionID in php.

But with Google Chrome on the iPad I am noticing that the sessionID is maintained and is not reset. It appears to be saving the sessionID as a cookie and reuses the sessionID even if you close the browser.

My application stores data in a database based on the session ID so this creates a problem for me.

Is there a workaround that would:

a) Keep the same sessionID within a browser session even if you go to a different site. If you come back to the site, the same ID would be used.

b) Keep the same sessionID if you open a second tab on the site.

c) Delete the sessionID if you close the browser.

Or am I missing something really big here with how sessions are supposed to work.

Thanks.
0
Comment
Question by:pkonstan1
  • 2
  • 2
5 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 40551949
The sessionID cookie should remain as long as Any window of the browser is open.  They only expire when ALL browser windows are closed and the program exits.
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 150 total points
ID: 40552009
If old session id is a problem then associate it on the database with a timestamp and if the client comes to the server with an old session then replace it with a new one. You have resource and cognitive control from the server side. You never let the control of a session in which there are possible DB updates to be controlled by the client.

Cd&
0
 

Accepted Solution

by:
pkonstan1 earned 0 total points
ID: 40552347
I agree with both of your comments and that has been my practice and experience for ten years. But i noticed today that the behavior on my iPad was different in that even if Google Chrome was totally closed on the iPad, the session ID was saved as a Cookie. So the next time I opened it up, it loaded that session from the cookie.  I did the following as an experiment to test.

1. Opened up my site and loaded a page or two.
2. Closed the browser completed.
3. Put two lines of code in a php page test.php page.  
print_r($_COOKIE); die ("at stop point");

Open in new window


If I follow these three steps on my desktop, I get an empty cookie.
When I do it on my iPad I get an array returned [0][PHPSESSIONID] jufieefjei7879ef89w7598739

It could be that my iPad also has some other Google things like a search and maps. So if they're based off the same environment maybe that's why the cookie is staying persistent... its as if the browser isn't "really" closed unless all of those other process (as well as maybe some background processes) are killed as well.

What do you think?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40552463
Sounds very likely to me.  Google likes to keep thing running the 'background'.  Chrome on the desktop has an option that you can uncheck to stop allowing it to run things after the browser is closed.
0
 

Author Closing Comment

by:pkonstan1
ID: 40563901
Ultimately it was what I had originally suspected. The two contributors gave some insight that was helpful but it simply brought me back to my original thoughts.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to dynamically set the form action using jQuery.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now