I was not familiar with the Discard option that looks like it does the trick.
Does it discard the ad_session_id cookie if persistent login is not checked or allowed? This is the one that was causing a problem since it renewed the session even if your login cookie had expired.
