cookies have an 'expires' field. by default (i.e., if it is not set), cookies expire when the user closes the browser. you can override this by setting the expires time to some number, such as +3M (3 months from now) or +2Y (2 years from now). as you may have guessed, setting cookies to a negative value means that they are already expired; you can have a user "log out" by setting a cookie with a negative expiration time. the short cuts are: M for months, d for days, m for minutes, Y for years.