That’s how HTTP Basic Auth works. The browser remembers the credentials for some amount of time and sends them with every HTTP request. I guess if you close the browser, it forgets the credentials.
Basic auth should not really be used for sessions. Use cookies instead.