By default, sessions do not last a lifetime, but die when the user closes their browser. There is a time limit (usually about 20 minutes or so), so that if there are no new requests (user browses to another page, etc) the session will just time out.

Sessions will set a cookie, but only to keep track of the user and the session... there is a session file on the server that cooresponds to this cookie, and this is how their session is recognized by php on the next request.

You can override this in PHP.ini, including not using cookies (which will pass the session identifier as a query string variable)... but this is not recommended for security.

If you can avoid setting your own cookies, and store info in the session, then I recommend doing so. However, if you need information to last longer than the session, then cookies are a decent choice, but just use them sparingly.

And don't worry about using Zend_Http_Cookie and Zend_Controller_Request_Http or anything... Just call setcookie() as normal.