Cookies must be deleted with the same parameters as they were set with. If the value argument is an empty string, or FALSE, and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client.
-- from php menu
So unlike session, when close the browser the session is gone. But if you don't specailly call the code to delete the cookie, just close the browser, the cookie will still sit in the remote computer. even it might be expired, such as we you set the cookie, you set it by the life time as the session, but still the expired cookie is sitting in the remote computer?
Will expired cookie be deleted from remote computer automatically when it is expired?
So session is safer in this case? At least, no cookie value for hacker to fool around with?
Thanks!
