Hello, I need to change my forum so that the cookies do not persist after the browser is closed. As I understand it, this is done via the Set-Cookie HTTP Header by removing the 'Expires' tag, but I don't know where to change this or what specifically to change it to. I've been told this has privacy and security implications, any advice on changing this?

If the user doesn't click the Remember Me box, then the cookies should not be persistent. So, if you removed the Remember Me box from the login screen and then changed the cookie prefix in the config.php file, I believe you will get what you want without having to modify the cookie code.

Is there a way to make all cookies session cookies, in addition to removing that? I'm not sure how the scan works or what exactly it's looking at, i've just been told by the security guys "Your site here uses persistent cookies, disable that". How do I disable the 'Remember Me' box? A quick search says it's in the header template. Specifically these lines:
<div id="remember" class="remember">
<label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" id="cb_cookieuser_navbar" class="cb_cookieuser_navbar" accesskey="c" tabindex="103" /> {vb:rawphrase remember_me}</label>
</div> Also the vbulletin cookieprefix would be the value at the line starting in: $config['Misc']['cookieprefix'] ?

Just remove that lines from the template (or use CSS to not display it).

Thank you for your help! I've done both of your suggestions and it appears to have worked. I