Configure line:
'./configure' '--with-apxs' '--with-oci8' '--with-iodbc=/usr/lib'

Standard php.ini.

session.cookie_lifetime is 0.

A very simple test script:
<?php
  session_start();
?>
Session started.

Now, the problem is related to so called per-session cookies. These are meant to disappear when the user closes his browser. The problem is that cookies sometimes get an expires value of "end of session" as they should with the lifetime set to 0, but sometimes they get an expire value of some timestamp.

I first discovered this problem in IE5, and thinking that it could be an IE5 bug, I tested with Opera 5 and Netscape 6, and the same error arose. I was unable to see any pattern in the way expires alternated between "end of session" and a time. Sometimes I could get "end of session" for 4-5 times in a row, then a timestamp, then a end of session, then a timestamp several times and so on.

I then tested this with PHP on a computer running FreeBSD and was unable to reproduce the error here. Both the Linux and the FreeBSD ran Apache 1.3.14.

The easiest way of testing this behaviour is probably by using the test "script" mentioned above, and use Opera as your browser. Make Opera prompt you every time it recieves a cookie, this way you will see the expires value immediately on loading the page, so you can just reload (F5) and then refuse the cookie. Keep on doing this. By using this method I'm pretty sure the expires value is always 5 minutes in the future when a it's a timestamp. I was sometimes able to see a pattern; either timestamp, timestamp, end of session (repeating) or end of session, end of session, timestamp (repeating). But my testing was not at all conclusive at this particular point.

Finally I would like to mention that I tested this from browsers in Windows 98 and Win2K with the same result.

Sometimes cookies can appear correctly for a very long time, so please be patient when trying to reproduce this strange bug.

And hopefully you will be able to crush it!