I think you're confusing different cookies.
bbsessionhash expires at end of session. Even if you have a bbsessionhash cookie, sessions are invalidated after 20 minutes of inactivity.
bbuserid and bbpassword cookies keep your login info. Those are what allow auto-login and get you a new session if your old one has expired. They should be valid for 1 year.
"Think about it a little more and you'll agree with me, because you're smart and I'm right." --Charlie Munger
Dreams and schemes and circus crowds...