Session cookies are cached and treated as persistent cookies

[gadamsgh]

Session cookies which aren't expected to persist for a new process are persisting through application relaunch. This is problematic for things like authentication and load balancer cookies.

It can be reproduced easily using Fiddler and the main.js example below launching amazon.com.

main.js:

const carlo = require('carlo');

(async () => {
  const app = await carlo.launch();
  app.on('exit', () => process.exit());
  app.serveFolder(__dirname);
  await app.load('https://www.amazon.com');
})();

In Fiddler you'll see that the first request to / will set a session "skin" cookie. Set-Cookie: skin=noskin; path=/; domain=.amazon.com

Now completely close the running carlo instance and relaunch with node main.js. You'll see that the first request from the new process will already have the "skin=noskin" cookie set. From procmon, it looks like the session cookies are being cached in .\node_modules\carlo\lib.local-data\profile-stable\Default\Cookies and then reloaded on subsequent launches. By denying write permissions to this file I can prevent the behavior, but that would also break persistent cookies. I do not see the same behavior with Chrome standalone.

Is there a Chrome launch arg that affects this behavior or some other way to prevent session cookies from being cached?

[pavelfeldman]

@caseq , check this one out!