Syntax to set session cookies
session_set_cookie_params($lifetime, $path, $domain, $secure, true);
session_set_cookie_params('3600', 'www.example.com', isset($_SERVER["HTTPS"]), true);
A1: Your above code looks ideal, as long as it follows the PHP documentation page, who are we to say otherwise;
A2: This all just depends on exactly what this is being used for. In banking, some like to kill the session within minutes of inactivity. In gaming or social networking, these settings tend to be more relaxed and lenient as to give the user more leeway;
A3: Yes, you would have to change the cookie to reflect the new subdomain admin change. If you wanted to set a global cookie (that works on all subdomains):
session_set_cookie_params('3600', 'example.com', isset($_SERVER["HTTPS"]), true);
Hope this helps!