brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Unable to delete cookie for gmail via Clear On Exit #9085

Closed snowbound closed 4 months ago

snowbound commented 4 years ago

With Google Chrome and MS Edge Chromium, if you enter "google.com" in their respective Clear On Exit for cookies, then when the browser is closed and restarted any sessions for Gmail are automatically logged out. This is because it deletes the SID subcookie for Google.com.

Steps to Reproduce

  1. enter google.com on Clear on Exit for cookies
  2. ensure that you are logged into a Gmail account
  3. close Brave
  4. restart Brave
  5. go to gmail.com

Actual result:

You are still logged into Gmail account

Expected result:

You should be logged out of gmail if the deletion of the google.com is occurring. It is not as the google.com still shows up under brave://settings/siteData when Brave is closed and restarted.

Reproduces how often:

on demand

Brave version (brave://version info)

Version 1.8.66 Chromium: 81.0.4044.83 (Official Build) beta (64-bit)

Version/Channel Information:

Other Additional Information:

Miscellaneous Information:

Even using [*.]google.com does not log one out of Gmail. One should be able to delete specific cookies which in this case is the SID@mail.google.com one which forces a logout of the gmail account.

I was told in this thread on the community to enable “Cookies and Site Data” but when I did that back in February it resulted in a scorched earth of deleting 2FA authorization cookies as well as the YouTube configuration cookie.

snowbound commented 4 years ago

FYI got a private response from what I deemed was a spammer. Sigh

rebron commented 4 years ago

@snowbound Dupe of https://github.com/brave/brave-browser/issues/8842#issuecomment-604492495

cc: @jumde

jumde commented 4 years ago

@snowbound - On v1.9.37 and v1.8.78

With:

If I log into gmail.com, close and re-open the browser. I don't stay logged into gmail.com

Let me know if I'm missing something.

snowbound commented 4 years ago

@jumde
I use 2FA. I only want to be logged out of Gmail. I do not want other cookies such as the 2FA cookie to be deleted.

When I use Chrome and my current browser MS Edge Chromium and tell it to delete the "google.com" cookie upon exiting the browser, I am logged out of all the Gmail accounts I was logged into. The 2Factor Authentication cookie is still intact.

bsclifton commented 4 years ago

@jumde I believe @snowbound is using the Clear on exit feature on content settings in brave://settings/content/cookies

I can definitely understand not wanting to use the Clear on exit that @jumde showed, as this clears all cookies and site data

snowbound commented 4 years ago

Correct @bsclifton I am indeed using "Clear on exit" or would like to but even with the current build of Brave ---Version 1.9.45 Chromium: 81.0.4044.122 (Official Build) beta (64-bit) it is still not working.

jumde commented 4 years ago

@snowbound - Thanks for your help.

Are you able to repro this if you disable Allow Google login buttons on third party sites in brave://settings/socialBlocking? I can repro with the setting enabled, but not with the setting disabled.

jumde commented 4 years ago

With cookie exceptions the behavior is same in Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1081587 - Needs an upstream fix.

snowbound commented 4 years ago

@jumde Only setting I have enabled in Social Blocking is "Allow Twitter embedded tweets" and I have "google.com" entered under "Clear on exit". That should force a logout on Gmail accounts like Chrome and Edge Chromium on the next browser start. It does not.

snowbound commented 4 years ago

This issue still persists in Version 1.15.54 Chromium: 85.0.4183.102 (Official Build) beta (64-bit) per this Reddit post

snowbound commented 4 years ago

Thought this issue was solved with the help from fellow Reddit user UrbenLedgen in this thread but has reappeared. Today when I started up Brave I was still logged into all of my Gmail accounts.

Six month old thread on Brave Community thread on this issue.

Version 1.15.54 Chromium: 85.0.4183.102 (Official Build) beta (64-bit)

snowbound commented 3 years ago

Clear on Exit appears to have been replaced by "Always clear cookies when windows are closed" and this is still apparently happening on both the release version of Brave as well as Version 1.19.77 Chromium: 87.0.4280.101 (Official Build) beta (64-bit)

snowbound commented 3 years ago

How is it that the current MS Edge Chromium Beta at least is capable of deleting the google.com cookie on exit yet Version 1.19.77 Chromium: 87.0.4280.101 (Official Build) beta (64-bit) it is an impossible task to accomplish? I have nothing enabled in Allow Google login buttons on third party sites in brave://settings/socialBlocking

jumde commented 3 years ago

@snowbound - I was able to reproduce this issue. Thanks for all your feedback! Will keep you posted about the progress.

snowbound commented 3 years ago

Thank you for the feedback. I spent countless hours here reinstalling Brave and trying various things thinking it was an issue here.

snowbound commented 3 years ago

This is close to a year-old bug that along with a sync issue has currently caused me to switch to another Chromium browser. Is there any ETA at all when it will be fixed?

snowbound commented 3 years ago

Is this issue about to be fixed anytime soon? Why are other Chromium-based browsers not having this issue?

User198263321 commented 3 years ago

How is this not fixed yet

snowbound commented 3 years ago

It's only security-related on a system that others have access to or if the computer is stolen. You also have to be using Gmail and not be aware of Brave's inability to delete cookies to force a logout on next startup. /s

rebron commented 3 years ago
Screen Shot 2021-04-30 at 2 33 56 PM

Typing in [*.]google.com above and quitting Brave didn't clear gmail for you on next launch? I got logged out of Google, actually was signed-in to two gmail accounts and I was logged out of everything.

OS specific? Am I missing a scenario?

Using : Brave 1.24.71 Chromium: 90.0.4430.72 (Official Build) beta (arm64)
Revision b6172ef8d07ef486489a4b11b66b2eaeed50d132-refs/branch-heads/4430@{#1233}
OS macOS Version 11.3 (Build 20E232)

snowbound commented 3 years ago

Doing the [*.].google.com removes ALL the google cookies including 2 FA cookies. If one specifies google.com in Chrome or MS Edge then the browser only deletes a HSID or SID subcookie that forces a logout of Gmail. The 2FA cookies and other configuration cookies, say for YouTube, remain intact. That is what I would prefer to happen. A scorched-earth cookie deletion is something I want to avoid.

snowbound commented 3 years ago

I have had to resort to using Cookie AutoDelete extension to do the cookie deletion as it appears Brave is the only Chromium-based browser that is incapable of doing this. I have tried countless other browsers and they have no such issue. As this is a 14+ month old issue that still has not been fixed I doubt it ever will be.

bridiver commented 2 years ago

I'm not able to reproduce this issue. I'm going to close it, but if anyone can still reproduce please let me know.

image

snowbound commented 2 years ago

@bridiver If I go into Brave settings and select All Cookies and Site Data it displays all the cookies. If I then enter google.com in the search box in the upper right corner of the page it shows all the cookies with the google.com domain including this cookie

image

If I then go to

Always clear cookies when windows are closed and enter google.com then the above cookie should be deleted when Brave is closed. It is not. If this cookie is indeed deleted then it will automatically do a force logout of your Gmail accounts.

If I close Brave down then start it back up and go into All Cookies and Site Data then the google.com cookie is still there in Brave Beta v 1.36.83

bridiver commented 2 years ago

> @bridiver
>
> If I go into Brave settings and select All Cookies and Site Data it displays all the cookies. If I then enter google.com in the search box in the upper right corner of the page it shows all the cookies with the google.com domain including this cookie
>
> image
>
> If I then go to
>
> Always clear cookies when windows are closed and enter google.com then the above cookie should be deleted when Brave is closed. It is not. If this cookie is indeed deleted then it will automatically do a force logout of your Gmail accounts.
>
> If I close Brave down then start it back up and go into All Cookies and Site Data then the google.com cookie is still there in Brave Beta v 1.36.83

Can you try it on nightly? I was logged out of gmail when I closed and reopened the browser. What OS?

snowbound commented 2 years ago

Windows 10 Pro 21H2. Only have Beta and release version installed here.

Miyayes commented 2 years ago

I was able to reproduce on

Brave | 1.36.83 Chromium: 98.0.4758.87 (Official Build) beta (x86_64)
-- | --
Revision | e4cd00f135fb4d8edc64c8aa6ecbe7cc79ebb3b2-refs/branch-heads/4758@{#1002}
OS | macOS Version 12.0.1 (Build 21A559)

STR:

  1. Log into a Gmail account
  2. Go to brave://settings/cookies and make sure "Clear cookies and site data when you close all windows" is toggled ON
  3. Completely close the browser and restart the browser
  4. Note how Gmail is still logged in and cookies are not deleted

Notes: Please note that @snowbound is asking about the (A) Clear cookies and site data when you close all windows toggle. There is another setting, (B), that clears data upon browser close/exit at brave://settings/clearBrowserData > On exit.

I tested (A) in the above.

bridiver commented 2 years ago

@Miyayes I believe he is referring to "Always clear cookies when windows are closed" as I posted here https://github.com/brave/brave-browser/issues/9085#issuecomment-1029568336

There is no "clear on exit" settings, but it may have been called that when the issue was filed

snowbound commented 2 years ago

Correct

image

Miyayes commented 2 years ago

I was able to reproduce on Nightly with:

Brave | 1.37.26 Chromium: 98.0.4758.87 (Official Build) nightly (x86_64)
-- | --
Revision | e4cd00f135fb4d8edc64c8aa6ecbe7cc79ebb3b2-refs/branch-heads/4758@{#1002}
OS | macOS Version 12.0.1 (Build 21A559)

Even when this was set:

image

bridiver commented 2 years ago

> I was able to reproduce on Nightly with:
>
> Brave | 1.37.26 Chromium: 98.0.4758.87 (Official Build) nightly (x86_64)
> -- | --
> Revision | e4cd00f135fb4d8edc64c8aa6ecbe7cc79ebb3b2-refs/branch-heads/4758@{#1002}
> OS | macOS Version 12.0.1 (Build 21A559)
>
> Even when this was set:
>
> image

That's interesting because with [*.]google.com @rebron reported that he couldn't repro https://github.com/brave/brave-browser/issues/9085#issuecomment-830415247

@Miyayes can you post a video of your repro?

snowbound commented 2 years ago

I have to make something clear.

I DO NOT want to clear ALL the cookies from Google. Only the cookie that shows up in the list of all cookies as "Google.com" in the list of cookies. This is because if you use [*.]google.com it will delete all cookies including 2FA and other settings such as for YouTube etc. Deleting the "Google.com" cookie pictured here

https://github.com/brave/brave-browser/issues/9085#issuecomment-1029616491

Will force a log out of Gmail accounts automatically upon browser closure or should. Two years ago both Chrome and MS Edge had no problem deleting this cookie. I BELIEVE it is the SID subcookie?? that if deleted forces a log out of Gmail accounts which is good security practice I try to follow.

image

bridiver commented 2 years ago

So this appears to be caused by the google login setting in brave://settings/socialBlocking

image

This setting is defaulted to enabled as a trade-off for webcompat, but may not be needed now that we have partitioned storage. Verifying this can be tricky because there are many different ways that sites can implement google login and this is only required for some of them. cc @pes10k

@snowbound disabling the toggle should fix your issue and I believe 3p google login should continue to work, but we need time to verify.

snowbound commented 2 years ago

@bridiver nope, that toggle has always been off.

bridiver commented 2 years ago

> @bridiver nope, that toggle has always been off.

@Miyayes was testing with the wrong value [*.]google.com, he's checking again now with google.com

bridiver commented 2 years ago

@snowbound when you restart the browser, do you still have a gmail tab open? Does the same thing happen if you close any open gmail tabs before closing the browser?

snowbound commented 2 years ago

@bridiver no tabs are automatically open on browser startup. I use an extension Session Buddy to restore the tabs open when it last saved the open tabs. That process is manual. I click on Session Buddy select the last saved session and restore the tabs in the current blank window which is a NEW TAB.

bridiver commented 2 years ago

@snowbound do you have that extension installed on Chrome as well? I haven't heard back from @Miyayes about his results with the correct domain, but I'd like to make sure we're eliminating any extensions as a possible part of the problem.

bridiver commented 2 years ago

also I assume based on your other preferences that you have google auto sign in disabled on Chrome?

snowbound commented 2 years ago

@bridiver correct Google uses 2FA and Chrome is set to open a new tab on start up and session buddy used there as well. When the tabs are restored I have to login to the 2 Gmail accounts.

ShivanKaul commented 4 months ago

The Settings UI has gone through several iterations since this issue was reported, we've gotten rid of the global Google Login button. I'm not sure what exactly the ask here is at this point, will close it out. We also have plans to remove the cookie detail page: https://github.com/brave/brave-browser/issues/39033