My personal advice is to do this as a combination of a relatively short-expiration cookie and a long-expiration cookie.
The first part is your standard weekly / monthly authentication cookie, which you renew on each request or after a certain period of time, or with any other rolling expiration scheme that you want to use.
In the second part, you remember the user's identity in a cookie for six months / a year. This is not an authentication ticket, only a reminder of the identity, so if the user returns after their session has expired, they will receive a greeting and you can choose to display non-sensitive personal information, for example, the number of messages in the inbox or something like that, but in order to actually access any confidential information, they must be authenticated.
This will allow your regular users (those who visit every day or week) a continuous session without expiration, while keeping authentication tickets on a relatively short time frame. At the same time, for people who return after more than a month, you can still give them an individual experience, but their account is protected. I don't think anyone would really have a problem if you ask them to authenticate in order to access certain parts of their account after a month of absence, even if they checked the remember me / remember my password checkboxes.
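The two-cookie scheme from the answer above, as an added sketch that is not part of the original answer. The cookie names `auth` and `ident`, the HMAC-signed `purpose|user|expiry|mac` format, the 30-day and one-year lifetimes and the inline key are all assumptions made for illustration. The point it shows is that the purpose is bound into the signature, so the long-lived reminder can never be replayed as an authentication ticket.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: a real key comes from a secret store
AUTH_TTL = 30 * 24 * 3600          # rolling authentication ticket (about a month)
IDENT_TTL = 365 * 24 * 3600        # identity reminder only (a year)


def issue(purpose, user, ttl, now):
    """Return 'purpose|user|expiry|mac'; the MAC covers purpose, user and expiry."""
    body = f"{purpose}|{user}|{int(now) + ttl}"
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify(cookie, purpose, now):
    """Return the user if the cookie is genuine, unexpired and of this purpose."""
    try:
        body, mac = cookie.rsplit("|", 1)
        got_purpose, user, expiry = body.split("|")
        expiry = int(expiry)
    except (AttributeError, ValueError):
        return None                      # missing or malformed cookie
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                      # tampered or forged
    if got_purpose != purpose or expiry <= now:
        return None                      # wrong kind of cookie, or expired
    return user


def handle_request(cookies, now):
    """Classify a request and return (state, user, cookies_to_set)."""
    user = verify(cookies.get("auth"), "auth", now)
    if user:
        # Rolling expiration: each authenticated request renews both cookies.
        fresh = {"auth": issue("auth", user, AUTH_TTL, now),
                 "ident": issue("ident", user, IDENT_TTL, now)}
        return "authenticated", user, fresh
    user = verify(cookies.get("ident"), "ident", now)
    if user:
        # Greeting and non-sensitive data only; anything else needs a login.
        return "recognized", user, {}
    return "anonymous", None, {}
```

A handler for confidential pages would accept only the `authenticated` state and redirect `recognized` users to the login form.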