More thoughts...
According to the Netscape cookie specs (see first post):
expires=DATE
The expires attribute specifies a date string that defines the
valid life time of that cookie. Once the expiration date has been
reached, the cookie will no longer be stored or given out.
...
expires is an optional attribute. If not specified, the cookie
will expire when the user's session ends.
So it's not possible to set a short session timeout AND expire-on-close on the cookie at the same time (referring to ad_session_id).
So that rules out the easiest thing to do :)
