In cherrypy is there a configuration option so that sessions do not have a "timeout", or if they do, expire immediately when the browser is closed? Right now tools.sessions.on is true and tools.sessions.timeout is 60 minutes.
You can't be completely sure about any option, but this are some possibilities.
Listen for an beforeunload event, and make a final request to the server to invalidate the session.
Have a very short expiration time on the sessions and a recurrent call to the server via ajax just to keep alive the session while the page is alive. This could cost you a LOT of requests, but will invalidate the session when the user closes the webpage.
Pass your state via POST requests, but that is a bad idea a painful one that is usually used on the bank pages.
There is more information related on the docs here and here.