We have to expire them at some point since we do authentication using cookies. Let's give this a shot for a while and see how it goes, and then bump it up from there. Maybe the next version of the site can have cookie management so that people can choose never to have their accounts expire, etc.