Brave beta not deleting Cookies on exit


#1

Up until recently Google would allow logins to your account even though Javascript was disabled. Disabling Javascript allowed one to use the older login UI where there was the familiar “Keep Me Logged In” check box. Those of us who wanted to be automatically logged out when the browser was closed did no check that box. That worked fine until recently when Google mandated that Javascript had to be enabled to login.

In Google Chrome I am able to tell Chrome to delete cookies from Google.com on browser exit then when I start up Chrome and go to say Gmail.com I found that I was logged out of my all my accounts. Great that works fine in Chrome.

However it does not work in Version 0.57.6 Chromium: 71.0.3578.31 (Official Build) beta (64-bit) of Brave. When I delete the cookies for Google.com manual through the content settings page in settings and refresh the gmail page I find I am logged out as expected. However if I put google.com under the “Clear on Exit” settings exit Brave and then start Brave up and go to Gmail.com I am still logged in! It appears that Brave is not deleting anything under “Clear on Exit” Why?


#2

This option is actually new and likely came along with an update to chromium. I actually had no idea it was there until recently. We have an open issue for it, but it was made before the option existed so we may need to adjust it.

That said, you’re correct partially. The setting doesn’t actually work as intended - that is, if you enter any web address into the Clear on Exit option for Cookies, cookies from those sites will not be deleted and your sessions will be restored.

However! While I was testing this, I tried entering less specific domains. This also didn’t work but gave me the idea to try different input methods. Here’s what I found:

  1. Entering any site URL in standard form (ie, https://website.com) - Cookies persist and session data is saved
  2. Entering any site URL with port number specified (ie, https://website.com:443) - Cookies are deleted, session data is cleared
  3. (Bonus) Entering any site URL of the form ([*.]website.com) - Assuming you entered the proper domain, cookies are deleted, session data is cleared

Can you try altering the URL to reflect one of the above (working) options and see if this resolves the issue?


Video play issue
#3

Sorry but doing #3 is the only one I see working because the cookie in question that Google uses is called google.com however using the wild card option will also delete accounts.google.com cookies which contain the 2FA cookie that I have set for 30 day expiration. This means that I would also have to enter my 2FA code every time I want to login on any trusted device that I use Brave browser. This is troublesome and more than what I want to go through to fix what works properly in Chrome.

As the notification issue for live streams in YouTube does not work and this cookie deletion does not work I have sorry to say decided to go back to using Chrome on my main computer for the time being. I need these items to function as intended.


#4

We’ll see you again later I’m sure!
Before you go - did it work? I mean

Did you actually do that? Did it work and retain your 2FA?


#5

Yes I did and here are the before and after list of the cookies when I entered google.com as the search parameter in Cookies


As I thought this process did log me out but it also removed the google 2FA for all of my Google accounts. It also appears to have deleted a bunch of other cookies but for some reason left others.

P.S. The same thing happens if you use https://mail.google.com:443. It logs you out but also deletes the 2FA cookies as well.

P.S.S. If however I go in and manually delete the cookie labelled google.com in that list by clicking on the trash can icon then go and force the open Gmail page to reload I am logged out HOWEVER when I log back in I do NOT have to enter my 2FA code. That is what should happen when one simply enters google.com for the On Browser close option.


#6

Oh, so it does work then. Gotcha. So then it sounds like all you have to do is go to Clear on Exit, click Add and enter https://google.com:443

  • Cookie(s) deleted on exit
  • 2FA remains
  • Session data cleared

Enjoy!


#7

Yes I tested it here using the https://google.com:443 and it does appear to work the way I want. I am logged out with out the 2FA being removed. Will give Brave a chance here now if I could only see YouTube pop up box for notifications to show up. One step at at time I guess.

Thanks for the help.

UPDATE: This morning I started up Brave on my Win7 desktop which has https://google.com:443 in delete cookies on exit and lo and behold I was still logged in to my gmail account!

In Google Chrome I have google.com in its remove on close option and it works fine.

This is the cookies for google.com when I close Brave and then after all the Brave processes have ended started it up and simply looked at the list of the cookies. I have highlighted the cookie which has to be deleted but is not

:frowning:

Sigh


#8

Just checked my Windows 10 machine and it too kept me logged into Google even though it too has https://google.com:443 set


#9

Had to revert back to Chrome after I missed several live streams on YouTube since I never seen any sort of pop up notification on Win7 or Win10 here. Then there is this cookie issue, Two major issues that precludes continuing to use Brave as my default browser.


#10

Just adding https://google.com:443would not suffice. Google domains are accessed differently. For instance Gmail login needs to have https://accounts.google.com but the actual domain redirects to https://mail.google.com so you will have to individually set it as each TLD(top level domain)+1 only serves as a redirect to another TLD+1. Its the same with YouTube. Each of them redirects via https://accounts.google.com and https://accounts.youtube.com.

BTW this should be fixed once this is implemented

I hope you do stay on to provide valuable feedback and not switch back right away. Please do note that this is a work in progress and feedback helps us to improve the product experience.


#11

The thing is Google Chrome allows your to specify domains only. In all my years I have never specified http or ports in any of my cookie deletion rules. Using accounts.google.com or mail.google.com is the scorched earth approach in that it also deletes all cookies including 2FA which in my case is the drastic method and I can implement it as it stands.

However Chrome is capable of performing the desired result simply by entering google.com as the cookie deletion rule. I even went as far as to install a cookie editing extension to look at the cookies and discovered that under the mail.google.com it uses a cookie called google.com and is the cookie that I can manually delete in Chrome or Brave which causes the desired effect. However automating that process in Brave is not.

As well Chrome is capable of popping up notifications windows for YouTube.

Both of these features I rely on daily to work.


#12

Some more good news. The nuking of Brave off this Windows7 system should of been done weeks ago. I say this because preliminary testing is showing that Version 0.57.6 Chromium: 71.0.3578.31 (Official Build) beta (64-bit) is now removing the google.com cookie on exit.

This means that when Brave is close the cookie is deleted and I am automatically logged out of my Gmail accounts. This is the same behavior that I thought I saw a week or two ago in Brave on Windows10 here. For some reason the Windows7 install was fubared enough to cause multiple issues.

I simply have google.com in Brave to delete on exit in Clear on exit for cookies. No port or https.