I think you're confusing different cookies.
bbsessionhash expires at end of session. Even if you have a bbsessionhash cookie, sessions are invalidated after 20 minutes of inactivity.
bbuserid and bbpassword cookies keep your login info. Those are what allow auto-login and get you a new session if your old one has expired. They should be valid for 1 year.
Imagine a pathologically idealistic, anti-religious, culturally-relativistic, iconoclastic, socially-irreverent, sociologically-progressive signature line here. Or don't.