Login state is maintained in the session, so technically you can set the session cookie timeout to years to prevent session expiry, but that also means none of the other session data will expire.
It is better to use the "remember me" functionality of the Auth package. You can set the remember-me timeout in the simpleauth/ormauth config file. The default value is 31 days (since last login).
As I wrote, you can simply set the session cookie timeout to something very long. But that may have side effects, so it is not advised. It is your app, so ultimately your call...