Turns out that more than 1% of users clocks are more than a year out of date, this causes cookies to never get deleted since the date is in the future.

Scott MacVicar · Scott MacVicar · commit b966897a0d74 · 2011-05-10T19:09:24.000Z
I can only guess its due to batteries on the motherboard being dead.
diff --git a/ext/standard/head.c b/ext/standard/head.c
@@ -114,10 +114,9 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 		/* 
 		 * MSIE doesn't delete a cookie when you set it to a null value
 		 * so in order to force cookies to be deleted, even on MSIE, we
-		 * pick an expiry date 1 year and 1 second in the past
+		 * pick an expiry date in the past
 		 */
-		time_t t = time(NULL) - 31536001;
-		dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);
+		dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, 1, 0 TSRMLS_CC);
 		snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; expires=%s", name, dt);
 		efree(dt);
 	} else {
