You may want to first read about the difference between a session and a cookie.
There are two cookie management levels. You can set the cookie management settings at the application server level, or at the application level. The settings at the application level will take precedence over the settings at the application server level.
Application:
Application server:
The default, the cookie will be removed when every browser tab is closed. This can be changed so that the cookie is removed after x seconds. In this example, the cookie will be removed after 60 seconds. After making this change, restart the application or restart the JVM for this change to take effect.
Viewing the cookie in the browser confirms that cookie will only survive for 1 minute. This isn't very pratical for a web application, but would probably be ideal for a backend service.