By default, a WebID cookie is valid only during the browsing session for which it was created. When the tokenholder exits his Web browser, the cookie expires and must be renewed during the next authentication session.
Before enabling WebID cookies, you should decide what additional expiration controls you wish to place on the cookies you hand out to tokenholders. These control features can help reduce the risk of an unauthorized person gaining access to protected pages through a Web browser that a trusted user has left unattended.
Cookies can be configured to expire during a browsing session either