Actually Scream, even if the cookie data was set to be there forever then that wouldn't make it so you don't have to log out because the server keeps the data in a file in /tmp and PHP has a method for destroying these files on a random basis when they "expire". If you run phpinfo(); in PHP4 you'll see that info down a bit. gc_maxlifetime and gc_probability are the two variables that define this. gc_probability the the percent chance that the file will be destroyed. With a recommendation from Zend and my personal recommendation 5-10 is a good value for this and gc_maxlifetime is how long you want the session data to be valid. I think it's a little mislabled because I think gc_maxlifetime actually is how long the data is saved then the probability to destroy it comes into play only when the server isn't too busy or something like that I'm not 100% sure about that.
