I've been fiddling around with PHP4 sessions lately, and one thing bugs me. In the documentation it is claimed that a cookie lifetime of 0, (default), implies that the cookie is deleted as soon as the browser is closed. This does not seem to be the case with IE5 (only tested browser). I'm absolutely certain that the cookie lifetime is 0, but when I close the browser (all windows), the cookie stays put.
This annoys me a lot because it seems like an enormous security hole if several people use one computer.
