Session Cookies in Google Chrome Browser

Should Chrome kill your online sessions when you close the browser? Isn’t that the way it should work, regardless of your settings? Well, the latest versions of Chrome have modified a setting that I was very fond of, the option to “Continue where I left off.” This setting used to open up my tabs and pinned tabs exactly as I had them when I closed my browser, BUT it also used to kill my session cookies, effectively logging me out of every website I visited. This was great because I am security conscious and I liked that it was as easy as closing my browser window. This means that if someone else opens my browser they won’t instantly have access to all my accounts. Here is how they explain the way the setting works now:

“Your session cookies will be stored when you exit; this will keep you logged into a site, e.g. Gmail.”
(link to Google Support Page)

This worries me because I just read that Chrome has become the most popular (or at least most used) browser, surpassing Microsoft’s Internet Explorer. The reason it worries me is because if someone turns on this “continue” setting on a public computer, everyone’s sessions will still be active when the next person opens up the browser. I don’t think I need to explain the severity of strangers accessing your accounts online.

Don’t get me wrong, I have been using the Google Chrome browser since it first came out and I have not looked back because it is a great, secure browser, very much deserving of the #1 spot if not just for how fast it is compared to other browsers. The change in this particular setting just seems like a step back in security and I hope they realize this and reconsider. Apparently I am not the only one who thinks so; check out this conversation thread:

I will, of course, continue to use Chrome, but until they change the way this setting acts I will have to make a bigger effort to remember to log out of all my sessions.

UPDATE (2012-06-21): Enabling “Disable Better session restore” (under chrome://flags) does return the desired behavior of killing session cookies on browser close, so at least I can now work as I used to.