During http authentication, a cookie is dropped. This is a persistent cookie. The cookie is valid across browser sessions.
For clusters which require enhanced security, it is desirable to have a session cookie so that cookie gets deleted when the user closes browser session.
It should be possible to specify cookie persistence (session or persistent) via configuration