How can I stop Gmail from keeping me logged in after I close the browser?

15

5

If I am logged into Gmail and I quit my browser, then reopen it, I expect to find that I am no longer logged in. This is the way it used to behave.

Now unless I explicitly log out, it brings me right back to my inbox.

I have not checked "stay signed in" at the Gmail login screen, and I've set Firefox to delete all cookies when I close the browser. What else do I need to do?

I'd accept a browser-based solution for this, but I'd really prefer an account setting in Gmail so that it applies to all machines and browsers that I may use.

I think this problem could be described as "how can I ensure that session cookies are deleted when the browser is closed". That would fit with the original idea of session cookies: they are for a single session.

How can I keep Gmail from maintaining my session?

Nathan Long

Posted 2012-08-17T18:30:21.700

Reputation: 20 371

As it happens, I use Chrome and Firefox on Mac, Windows and Linux, depending on where I am. I currently care most about this behavior in Firefox for Mac. – Nathan Long – 2012-08-17T18:31:38.343

If your browser is really set to delete all cookies upon closure, then you wouldn't still be logged into Gmail after you start up again. You should probably double-check that you set this properly, and also check the Privacy -> Remove Individual Cookies dialog to see whether you have any cookies set upon startup. – jjlin – 2012-08-17T18:42:02.553

@jjlin - the settings look fine. In Firefox on Mac, I just logged into Gmail, chose 'Quit Firefox', and verified in Activity Monitor that it's no longer running. Open it back up and I'm still logged in. Under Firefox > Preferences > Privacy, I have checked "Clear history when Firefox closes." In the "Settings" next to that, both "Cookies" and "Active Logins" (which I would have thought were session cookies) are checked. – Nathan Long – 2012-08-17T19:17:55.733

When I log into Gmail there's an option to keep me logged in, just make sure it's unchecked before you submit. – martineau – 2012-08-17T19:18:17.300

@martineau - I mentioned that in the question. – Nathan Long – 2012-08-17T19:19:58.053

@jjlin - although, as it turns out, if I also check "Browsing History", it does log me out. A bit of an extreme solution, though. – Nathan Long – 2012-08-17T19:28:46.257

1

Nathan Long - You don't mention whether any of your Tabs/Windows are restored upon restart of Firefox. If they are, then the why is likely due to the design of the Session Restore feature.

– user66001 – 2013-07-15T00:07:01.083

Answers

14

Change back to the old default behavior

Aha! As this blog post documents (inspired by this podcast):

It appears that for a while now, both Firefox and Chrome have, for the convenience of their users, restored session cookies between browser shut down and restart. This is convenient, but insecure. Only persistent cookies should restore in this way. A common example of the usage of persistent cookies is when you check “keep me logged in” or “remember me” when logging into a site.

Neither Mozilla nor Google seem inclined to revert to the correct secure behavior that IE has kept.

A case where IE is right! Egads, where are my heart pills!?

Here's how he shows to fix it.

Firefox

Browse to about:config, enter ‘sessionstore’ in the search box, and change browser.sessionstore.privacy_level from 0 to 2.

Chrome

Under "On Startup", don't select "Continue where I left off". Also:

Browse to chrome://flags, Press CTRL-F and enter ‘disable better’ to jump to the “Disable Better session restore” flag. Enable it.

For latest chrome version > 33. you need to open chrome://settings/content and select 'Keep local data only until you quit your browser' also in chrome://settings make sure option Continue running background apps when Google Chrome is closed is unchecked otherwise chrome will keep running in background and will not delete cookies

Nathan Long

Posted 2012-08-17T18:30:21.700

Reputation: 20 371

This doesn't work for Firefox 31.0 (for Ubuntu at least). – Robin Manoli – 2015-03-10T20:50:30.023

In firefox 44+ it doesn't work. i.e. setting the flag in 2 has no effect. Exiting Firefox with a gmail (or docs, keep, etc) session active, and then launching again, reopens the session (you are still logged in) as if nothing happened. This is a severe security issue! – DiegoDD – 2016-05-02T17:22:33.303

1

Do you maybe have GMail pinned as "App Tab"? At least in Firefox, pinned App Tabs do not obey any automatically remove private data settings. Firefox remembers the current state of the tab and restores it when you open up the browser again.

Maybe you simply unpin GMail and set it as "hompage"?

Shi

Posted 2012-08-17T18:30:21.700

Reputation: 659

I do not have it pinned. – Nathan Long – 2012-08-17T19:23:55.080

0

It's simple for latest Firefox versions. Go to Firefox preferences and go to the history section where it says 'Firefox will:'. Default option for this might be 'remember history'. Change 'remember history' to 'Use custom settings for history'. Then click on Exceptions button near to the 'Use custom settings for history' option and you'll see a window(look the screenshot attached) that asks you to enter the url of the website to auto delete cookies from a website. Enter the url as accounts.google.com.

After you do these steps you would be automatically signed out of gmail when you close Firefox. Please note that you have to manually type the gmail user name each time you reopen Firefox browser.enter image description here

justin

Posted 2012-08-17T18:30:21.700

Reputation: 237

Asked: 2012-08-17T18:30:21.700

Viewed: 32 523 times

Active: 2017-10-26T07:59:10.747