diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
index b8862bad4a..2656a8204f 100644
--- a/config.TEMPLATE.inc.php
+++ b/config.TEMPLATE.inc.php
@@ -45,8 +45,9 @@
 ; Session cookie path; if not specified, defaults to the detected base path
 ; session_cookie_path = /
 
-; Number of days to save login cookie for if user selects to remember
-; (set to 0 to force expiration at end of current session)
+; Number of days a session remains valid while idle (minimum 1 day)
+; Values less than 1 are clamped to 1 day
+; To expire sessions when the browser closes, use session_expire_on_close in [security]
 session_lifetime = 30
 
 ; SameSite configuration for the cookie, see possible values and explanations
@@ -268,6 +269,9 @@
 ; migration of old password hashes.
 encryption = sha1
 
+; When set to On, expire cookie-based sessions upon closing the browser window.
+session_expire_on_close = Off
+
 ; The unique salt to use for generating password reset hashes
 salt = "YouMustSetASecretKeyHere!!"
 
diff --git a/lib/pkp b/lib/pkp
index d96df434d9..f87bb4a2fd 160000
--- a/lib/pkp
+++ b/lib/pkp
@@ -1 +1 @@
-Subproject commit d96df434d932e0826bf9bfe4af01852c393237cb
+Subproject commit f87bb4a2fd72ef3f8cb970138e4fe845009e13a3