immortal session cookie in Chrome

March 3, 2016

It’s very interesting, we set a session cookie for users who logged in system, and we expect after he/she close browser the cookie will be deleted, that’s for security consideration. But I found even I closed Chrome, when I open it again, the session cookie is still there! That’s the reason. I have modified setting to my default, but “Continue where you left off” is very useful sometimes.

cookies domain

March 3, 2016

There are some RFCs about HTTP state management: RFC2109, RFC2965, RFC6265. My environment is Chrome Version 47.0.2526.106 (64-bit), I use tornado set cookies. As the RFC content, if you provide domain field in Set-Cookie, you should keep a dot at the beginning of domain name, if you forget, the http client should help you. You can ignore domain field, then the domain value will be set as same as request host. ... Read more

© 2018 | Follow on Twitter | Hucore theme & Hugo