In 1997, an RFC was released which allowed for the usage of Max-Age in cookies that allowed the server to set the expiration of a cookie in seconds. Somehow, IE still hasn't implemented this :( Sad panda time.

If IE7 doesn't get a cookie with the expires parameter, it treats it as a session cookie (makes sense). My problem is easily solved for the IE7 experience: send both an expires parameter and a max-age parameter.

Unfortunately, if your server time drifts, you'll get erratic behavior with Firefox.

Argh!