end APM session on browser close

Looking at same question myself. If you untick the "Persistent" option on the Access Policy cookie, then the MRH_Session cookie becomes a proper session cookie. Then (if your browser deletes session cookie at close of play, mine didn't because I had "Continue where you left off" selected in Chrome), closing the browser deletes the cookie, and stops the session. However if I enable "multi-domain" support, the persistent toggle seems to have no effect, and cookies are always persistent and expiry is set based on "Session Inactivity timeout" (e.g. now + inactivity time out) once the session is established (up to that point the cookies are proper session cookies). Would like to know if the disabling of "Persistent" is deliberate. I assume the session associated with a multi-domain cookie should stay alive for as long as one of the domains is seeing activity within its session inactivity timeout. My best guess is that multi-domain authentication has issues, as I have another support tickets relating to cookie behaviour in multi-domain authentication where it appears to find cookies in parent domains, and confuse the session re-start. Kludgy as it is, I recommend a belts and braces approach, where you use session cookies (not persistent), and catch the Javascript event and visit the corresponding logout page as the window closes, if you really want them to be logged out reliably.