I'm not too familiar with the details of Geeklog's session handling, so take this with a grain of salt (and read the source if in doubt):
1) As you may (or should?) know, every user can set the cookie timeout in his/her Account Information - up until 1 year.
2) This does not mean that they will be logged in for a year, but only that the browser will store the cookie for a year. This is where Geeklog's session handling kicks in, since it will "forget" the user after a certain amount of time (and inactivity).
However, when they visit the site again after the session has expired, the browser will send the cookie it still has and the user is immediately recognised and logged in again.
For the implementation details, you'd better have a look at the source, especially at lib-sessions.php
As for the "never expires" option: I don't think you can have a cookie that never expires - the specification specifically asks for an expiration date/time for cookies and if you leave that off, it only means that the cookie expires when you close your browser.
bye, Dirk