All of your session and security related cookies should be dynamic cookies associated with a single browser session, and not persistent cookies (with a >0 lifetime) stored on disk.
Dynamic cookies go away when you close the browser window/process. This means that someone cannot walk up to your machine after you have closed the browser, start up another browser, and continue using your process. (This is entirely possible with persistent cookies when a user forgets to log out, merely closing the browser instead.)
Parent topic: Overview: security methodologies