This was fixed in this commit on Apr 16, 2014.
protected override async Task ApplyResponseGrantAsync()
...
DateTimeOffset issuedUtc = Options.SystemClock.UtcNow;
(-) DateTimeOffset expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
context.Properties.IssuedUtc = issuedUtc;
(-) context.Properties.ExpiresUtc = expiresUtc;
(+) if (!context.Properties.ExpiresUtc.HasValue)
(+) {
(+) context.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
(+) }
Options.Provider.ResponseSignIn(context);
if (context.Properties.IsPersistent)
{
(+) DateTimeOffset expiresUtc = context.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
cookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}