The long log-in duration doesn't really bother me in and of itself. No-one uses my computer without my permission, and no-one uses my browser, period (I create new accounts for people).
If you really wanted, you could shorten the session lifetime and automatically renew it upon each use, perhaps up to some limit.
That might work for you, but not everyone. General website authentication systems need to work for the masses. And the whole point is shortening the session makes this system very inconvenient to use.
If you really wanted, you could shorten the session lifetime and automatically renew it upon each use, perhaps up to some limit.