I thought it was years, but it cleans up within 1 hour.
According to Explanation: Form Authentication in ASP.NET 2.0 , "The default value is 30 minutes":
<system.web> <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="30" ...