The set_cookie() function in the user class does not provide a way to set a cookie that will expire at the end of session. A timestamp of zero will be converted into past date, causing immediate expiration (and thus no cookie). Passing in an empty string causes the gmdate() function to return false (setting no expiration), but it also causes the function to throw an E_WARNING level error, so that's no solution.