I think you're confusing different cookies.
bbsessionhash expires at end of session. Even if you have a bbsessionhash cookie, sessions are invalidated after 20 minutes of inactivity.
bbuserid and bbpassword cookies keep your login info. Those are what allow auto-login and get you a new session if your old one has expired. They should be valid for 1 year.
“The egg hatched...” “...the egg hatched... and a hundred baby spiders came out...”
“Who are you?” “A friend. I'm here to prevent you from making a mistake.” “You have no idea what I'm doing here, friend.” “In specific terms, no, but I swore an oath to protect the world...”
“It's a goal you won't understand until later. Your job is to make sure he doesn't achieve the goal.”