5
votes

When I am rebooting my Android device (Kindle Fire) or kill an application, it seems like the browser or WebView 'session' cookies are not deleted. This seems to be quite different from the behavior of browsers on Windows or MacOS, where 'session' cookies are gone if you kill the browser application. Only 'persistent' cookies should be persisted after a browser process restart.

To clarify, the meaning of 'session cookies' here is a cookie set by the server with no expiration date, using an HTTP header in the response, such as:

Set-Cookie: mycookie=ifmr0846qcsdpeqqkgvuqmc5u7; path=/

Since no expiration date is specified, browsers typically don't persist those and keep them alive until the process is killed, based on my understanding. Typically session ids are set using this type of cookie.

I am convinced that those are not deleted on device reboot or app restart, because if I log in to my website, establishing a session (using a non-persistent/'session' cookie for the session id, named PHPSESSID in that case), then reboot the device and open the browser or WebView to the same URL, I am still logged in, which means to me that the browser still sent the same PHPSESSID cookie that was set by the server before the device reboot.

Could anyone explain/confirm this behavior for Android WebViews or the browser? How do they manage session and persistent cookies exactly?

Thanks.

1 Answer

-1
votes

You are correct, session cookies do not expire automatically in the lifecycle of a WebView. If you are seeing issues with this, you can always clear all of your cookies or overwrite your session cookies explicitly with an empty value.

Reference: Lifecycle of a session cookie in an Android WebView / CookieSyncManager

To clear the session, use:

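// Removes only cookies that have no expiry date (deprecated since API level 21).
CookieManager.getInstance().removeSessionCookie();
// Removes every cookie, persistent ones included (deprecated since API level 21).
CookieManager.getInstance().removeAllCookie();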
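
One way to get the desktop-style behaviour the question expects, shown as an added example that is not part of the original answer: clear session cookies once per process start before the first page load, using the asynchronous CookieManager calls that replaced the deprecated ones on API level 21 and later. The class and method names (SessionCookieReset, loadWithFreshSession, expireCookie) are hypothetical, and the code assumes it is called on the main thread.

```java
import android.webkit.CookieManager;
import android.webkit.WebView;

/** Added example: drop WebView session cookies once per process start. */
public final class SessionCookieReset {
    // True once this process has cleared session cookies (process-wide flag).
    private static boolean clearedThisProcess = false;

    private SessionCookieReset() {}

    /**
     * Loads url in webView. On the first load after the process starts,
     * cookies without an expiry date are removed first, so a session id
     * left over from before a reboot or app kill is never sent.
     */
    public static void loadWithFreshSession(final WebView webView, final String url) {
        if (clearedThisProcess) {
            webView.loadUrl(url);
            return;
        }
        final CookieManager cm = CookieManager.getInstance();
        // Asynchronous: the callback receives true if any cookie was removed.
        cm.removeSessionCookies(removed -> {
            clearedThisProcess = true;
            cm.flush();            // write the change to persistent storage now
            webView.loadUrl(url);  // load only after the old session id is gone
        });
    }

    /** Overwrites one named cookie with an expired empty value, e.g. "PHPSESSID". */
    public static void expireCookie(String url, String name) {
        CookieManager cm = CookieManager.getInstance();
        // Path must match the path the server used when it set the cookie.
        cm.setCookie(url, name + "=; Max-Age=0; Path=/");
        cm.flush();
    }
}
```

Removing the cookie on the device does not invalidate the session on the server; the session id stays valid there until the server expires it.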