The expiration of the auth cookie and a session are not related, so they expire independently of each other.
And easy solution is to have the session timeout set to a large value, this way if they are logged in (auth cookie is valid), then the session will still be available.