I'm so sure I wrote this somewhere before, but I can't find it, so here it is.
There are 3 durations:
All of these values are expiration delays however, so you can technically keep a session open forever as long as you continue to be active.
The 60 minutes expiration time of the access token is currently not used to check for session expiration at all, so it's irrelevant in the context of cookie sessions.
So in effect a non-remember session currently expires after 2 hours of inactivity.
A remember session is unaffected by the lifetime of the symfony session. A new session and cookie will be created if the remember cookie exists and is valid.