I am setting a cookie using CGI.pm in the first script, retrieving the value and using that in subsequent scripts.

$cookie = $query->cookie( 
-name => 'newcookie',                    
-value => $newcookie,        
-domain  => '.xyz.com',
-expires => '',    
-path => '/'
);
[download]

If I set -expires => 'somevalue', I see the cookie in text format in the folder that has all the cookies.. (for example, C:\Windows\Cookies )but if I don't set a value for -expires => '', I don't see the cookie saved to the hard drive.

Is there any other way a user can find out the cookie, if -expires is not set (as it doesn't save the cookie as a text file)? Does the cookie expire when the browser is closed? Is this a safe way to pass encrypted password to subsequent pages?