Forms Authentication non-persistent cookie not expiring after closingthe browser

I have a typical ASP.NET 2.0 Forms authentication application which
authenticates against Active Directory. I use non-persistent cookie so
that the user is NOT remembered across browser sessions. The timeout
is set to 10 minutes. Here is the important code snippets that I took
from my original code:
>
string roleToCheck = .....;
FormsAuthentica tionTicket ticket = new FormsAuthentica tionTicket(1,
member.UserName , DateTime.Now, DateTime.Now.Ad dMinutes(10), false,
roleToCheck, FormsAuthentica tion.FormsCooki ePath);
string encryptedTicket =
FormsAuthentica tion.Encrypt(ti cket);
HttpCookie authSessionCook ie = new
HttpCookie(Form sAuthentication .FormsCookieNam e, encryptedTicket );
authSessionCook ie.HttpOnly = true;
authSessionCook ie.Expires = ticket.Expirati on;
Response.Cookie s.Add(authSessi onCookie);
FormsAuthentica tion.RedirectFr omLoginPage(txt UserName.Text, false);
>
Note that I'm setting the 2nd parameter to false which means that it
creates non-persistent cookie. Now I opened the IE browser and logged
in by entering the user credentials. I closed the window and there was
no other instance of IE running. I opened another IE and entered the
URL and it straight away went to default page instead of Login page.
>
1. Why is the cookie not expiring even after I close the browser?
2. If that's how the ASP.NET works, is there any work around so that
whenever the user closes IE and opens another IE, he should be forced
to login once again?
>
Thanks,
Hari.
>

Hari,
>
If you authenticate against the Active Directory, why not host your solution
under intergrated security?
>
That would solve a lot of your problems.
>
Kind regards,
>
Matthijs Krempel
>

Hi Matthijs - The reason that we are not using Integrated Security and
using Forms is because we have some external (limited) users who
access the application out of our network.
>
-Hari.
>
On Apr 9, 1:25 am, "Matthijs Krempel" <matthijs.krem. ..@hotmail.com>
wrote:>
>