Describe the issue or problem
For security reasons we would like to set the PKP cookie (per default named OJSSID) to be a session cookie. In the config file it says: “set to 0 to force expiration at end of current session”. However, if I set the session_lifetime to 0, no cookie is set at all.
Steps I took leading up to the issue
- in config.inc.php set session_lifetime = 0
- if necessary clear the cache and remove all cookies from PKP already there
- load the site
- check if a cookie is set using the browser tools
What application are you using?
OJS 3.5.0.1
Another, somewhat related question: what use does the “cookie_encryption” setting has? As far as I understand it, OJSSID only holds a reference to the sessions table?
As always, many thanks 
Felix