
authentication cookie timeout?

 
Ranch Hand
Posts: 45
Using WAS 5.1 on Solaris.

Is it possible to set an expiry time for an authentication cookie (created by WAS Basic authentication) or does such a cookie persist until the browser is closed? If a timeout can be set how do I set it?
 
Steve McCain
Ranch Hand
Posts: 45
I found the following in "Enterprise Java Programming with IBM WebSphere" by K Brown et al :-

"Once a user has been authenticated into WebSphere, WebSphere generates a special client credential to keep the user from having to log in again. This credential uniquely identifies the user and is kept in a cookie that is stored in memory on the user's browser. It has an expiration time associated with it to keep someone else from finding the cookie and using it to surreptitiously log in as the original user (called a relay attack) after which it is regenerated and retransmitted."

I think that what I would like to do is to be able to set an absolute expiry timeout on the authentication cookie in the way that you can set an expiry time on a session. At the moment I have an application that uses its own authentication system & I control access via Http sessions (my servlets check if there is a current session and if not I redirect to a login page and at appropriate places in the app I end the session etc) but I would now like to use WebSphere's own authentication and would like the same level of control. I need to ensure that another user using the browser has to log in afresh and not continue where the first user left off so I need somehow to be able to "get rid" of the authentication cookie.

thanks
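
The session check described in this post, with an absolute expiry added, written as a servlet filter. This is an added example, not code from the thread or from WebSphere; it acts only on the application's HttpSession, not on the container's authentication cookie. The class name, the 30-minute limit and the `/login.jsp` path are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: enforces an absolute lifetime on the application's HTTP session. */
public class AbsoluteSessionTimeoutFilter implements Filter {
    // Assumed values for illustration only.
    private static final long MAX_AGE_MILLIS = 30L * 60L * 1000L; // hard limit: 30 minutes
    private static final String LOGIN_PAGE = "/login.jsp";        // hypothetical login page

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Let the login page through, otherwise the redirect below would loop.
        if (LOGIN_PAGE.equals(request.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }
        // getSession(false) returns null instead of silently creating a session.
        HttpSession session = request.getSession(false);
        if (session == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }
        // getCreationTime() is fixed when the session is created, so this limit is
        // absolute; setMaxInactiveInterval() only measures idle time and is reset
        // by every request.
        long ageMillis = System.currentTimeMillis() - session.getCreationTime();
        if (ageMillis > MAX_AGE_MILLIS) {
            session.invalidate(); // server-side state is gone; a new login is required
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```
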
 
Steve McCain
Ranch Hand
Posts: 45
Talking to yourself is said to be the first sign of madness.

I thought perhaps I could set the max age on the authentication cookie in my servlet but when I try to find it via getCookies() I don't see it. Can someone please explain what I'm missing here?

 