diff --git a/include/auth.php b/include/auth.php
index 62ca3563a4..8512abe486 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -179,6 +179,10 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
 			goaway(z_root());
 		}
 
+		if ( ! $_POST['remember']) {
+			new_cookie(0); // 0 means delete on browser exit
+		}
+
 		// if we haven't failed up this point, log them in.
 		$_SESSION['remember'] = $_POST['remember'];
 		$_SESSION['last_login_date'] = datetime_convert('UTC','UTC');
diff --git a/include/security.php b/include/security.php
index 93df6ff255..23fc400b3a 100644
--- a/include/security.php
+++ b/include/security.php
@@ -141,9 +141,6 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 			new_cookie(604800, $user_record);
 			unset($_SESSION['remember']);
 		}
-		else {
-			new_cookie(0); // 0 means delete on browser exit
-		}
 	}