There is currently no official API to change this, however I think the easiest solution is something like this:
Create a new custom AccessToken class that extends
Flarum\Http\AccessToken with a custom expiration date. Register it using the
Flarum\Http\AccessToken::setModel method from a service provider. In the future there will be an extender for this, the access tokens have been designed with the ability to have custom types of tokens.
Flarum\User\Event\LoggedIn event, and if
$event->token is an instance of
SessionAccessToken, change its
$token->type attribute to your custom token type.
Starting with the next request, the token will use the expiration time of your custom token type.
We should probably make the session and remember durations customizable via a
config.php variable in the future.
Remember tokens are the intended solution for users who wish to remain logged in for long periods of time.