The solution is that there is a second migration setting "Remove offline_access permission" that must also be enabled. Only when enabled with the "December 2012 Breaking Changes" migration setting will your application be able to obtain 60-day session tokens.
This has the unfortunate side effect of transforming existing never-expiring session tokens immediately into 60-day expiring tokens. Facebook said they would continue to honor existing never-expiring tokens, but given that both settings must be enabled, your application is forced to treat all users as having 60-day tokens.