Force cleaning of session cookies (firefox, chrome)
Some browsers (Firefox, Chrome) by design doesn't clean session cookies when you close them, if you set some kind of remember me switch (for example in FF go to Options->General->When Firefox starts->Show my windows and tabs from last time). It is a problem for our client (government agency...) while I do have absolute control over http server, I have no control over browser settings. The scenario is - they're used to share computer accounts, however they shouldn't be able to share web accounts - simply closing the browser should kill the session never mind the browser settings.
Is there an elegant way how to enforce that ?
You could try using HTML5s sessionStorage it lasts for the duration on the page session. A page session lasts for as long as the browser is open and survives over page reloads and restores. Opening a page in a new tab or window will cause a new session to be initiated.
Browser Compatibility https://code.google.com/p/sessionstorage/ compatible with every A-grade browser, included iPhone or Android. http://www.nczonline.net/blog/2009/07/21/introduction-to-sessionstorage/
In firefox a simple setup is require in order to prevent firefox to remember passwords when the browser closed:
- enter to setup menu (top right)
- select "options"
- select "privacy" tab
- change "history" from "remember history" to "use custom setting" or "never remember"
- when "custom setting" is marked, change the cookies settings "keep until" from "until expired" to "until I close firefox"