$_Session Should Be An Empty Array Before User->Setstate, But It's Not, Why?



Open a new browser, begin a new session.

The first line of code should output an empty array, but i get this output:

array(1) { ["cf118fdcf1aacb2c52b2cd97824aa76fuserGuid"]=> string(2) "qq" }, could anybody tell me why?

I test this with other browsers, It turns out that this only happen on chrome.

And i do more digging in google. The cause of this is chrome doesnt clear session cookie on browser close.

This is truly unsafe.