Comment by paxys
2 days ago
No, sites use persistent cookies, which remain on your browser after you have closed the tab. Session cookies are wiped out automatically after every session.
2 days ago
No, sites use persistent cookies, which remain on your browser after you have closed the tab. Session cookies are wiped out automatically after every session.
Note that modern web browsers do not define a session end as "when you close your browser" unless you hunt for and enable settings to make them do that. Session cookies will happily survive a browser restart by default, because browser makers know that most users don't consider closing their browser to be ending any kind of session.
I think some developers will interpret the term "session cookie" differently then that, because a "session" is usually just something that's tracked in a backend, and an identifier for this session is often written in a cookie
Hence... Session cookie, even if set without expiration date
Session cookies are cookies that identify a session. They last however long you specify. A bank forces quick session expiry. Amazon doesn't.
Compare https://docs.djangoproject.com/en/5.2/topics/http/sessions/ .
> To use cookies-based sessions, set the SESSION_ENGINE setting to "django.contrib.sessions.backends.signed_cookies".
> When using the cookies backend the session data can be read by the client.
> A MAC (Message Authentication Code) is used to protect the data against changes by the client, so that the session data will be invalidated when being tampered with. The same invalidation happens if the client storing the cookie (e.g. your user’s browser) can’t store all of the session cookie and drops data.
No, they're not. This terminology is well-established.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Coo...
You can believe what you like, but that won't change what people mean by the term "session cookie".
If you try to communicate with other people using that definition of "session cookie", your communication will fail.
2 replies →
I set my browser to clear cookies on exit so that my cookies cannot be stolen by malware.
Why do you think malware can't steal your cookies when the browser is open (and I assume it is open for most of the day)?
Because (at least less sophisticated) malware just steals your browser files which contain cookies. I am assuming of course the browser is smart enough not to write cookies to disk if I set it to clear cookies on exit.
how often are you exiting though?
Every day