Session/Token expiration when user has not logged in for weeks

[max1020]

what is the best way to handle the case when a user has not logged in for - say - 4 weeks? sessions and token have expired by then.

regarding the sessions, in the settings file there are those values (from https://www.drupal.org/node/590832)

ini_set('session.cache_expire', 2000000);
ini_set('session.cache_limiter', 'none');
ini_set('session.cookie_lifetime', 2000000);
ini_set('session.gc_maxlifetime', 2000000);

apart from increasing those values in the settings file, any suggestion how to implement a fool-proof and performant login mechanism? some thoughts on the general implementation are appreciated!