The web is stateless. For example.
Your PC > Makes a request to > Web Server
Web Server: Hi!, you have no cookie, this is your first visit here, here's your file.
Your PC > Makes another request to > Web Server
Web Server: Hi! you have no cookie, this is your first visit here, here's your file (even though this is your second visit to the site)
Thing is, without a cookie being set onto your PC (and subsequently provided to the server on each request, the Server has no idea who you are. With cookies/sessions:
Your PC > Makes a request to > Web Server
Web Server > Sends a Cookie to > Your PC
Web Server: Hi, you now have a cookie, this is your first visit here, here's your file.
Your PC > Makes another request to > And sends its cookie it was previously given to > Web Server
Web Server > Checks to ensure cookie's related session data is available > Verified
Web Server: Hi, you've been here before, and I know who you are. Here's your file.
Web Server > Updates the session timeout to be 45 mins from this point to > Your PC
Then, if you don't make another request within that timeout, when you make another request to the server, your session "Timed out", and the Server issues you a new cookie.
If Firebug says the cookie you have is being set to expire 45 minutes from when you request it, then the cookie is being set properly. I notice you didn't answer whether your site is using subdomains. Is this the case?
