Actually, I think what we really need to solve the problem is a bit sideways.
We need to make logins persistent. Like being logged into Facebook, you don’t have to log in again when you come back to the site, there’s a token in the cookie.
We made logins expire with sessions because we were thinking primarily about the sessions. The session - the basket - is what tickets go into, and the session needs to expire so that other people can get the tickets. And right now, your session is what gets logged in, and if your session expires, you need to log in again. If we find a valid authentication token that doesn’t match your session, we throw away the authentication token and make you start again. What we should do is log the session in to match the authentication token.
That way, members stay logged in. When they buy a membership they log in, and when they come back to the site a year later, they are still logged in, and can automatically see all the membership benefits.
Unless they’re on a different device, of course.
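
The behaviour proposed above, as an added sketch that is not part of the original post or the site's code: a long-lived token in the cookie logs a fresh basket session in, while the basket itself can still expire. The store, function names, cookie layout and token lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 400 * 24 * 3600   # assumed lifetime, a little over a year
TOKENS = {}                   # selector -> (sha256 of validator, user_id, expires_at)

def _digest(validator):
    # Only a hash is stored, so a leaked token table cannot be replayed as cookies.
    return hashlib.sha256(validator.encode()).hexdigest()

def issue_token(user_id, now=None):
    """Create a persistent login token and return the cookie value."""
    now = time.time() if now is None else now
    selector, validator = secrets.token_urlsafe(12), secrets.token_urlsafe(32)
    TOKENS[selector] = (_digest(validator), user_id, now + TOKEN_TTL)
    return f"{selector}:{validator}"

def resume_login(session, cookie, now=None):
    """Log `session` in from the auth cookie; return a rotated cookie or None."""
    now = time.time() if now is None else now
    selector, _, validator = (cookie or "").partition(":")
    record = TOKENS.get(selector)
    if record is None:
        return None
    stored, user_id, expires_at = record
    del TOKENS[selector]          # single use: revoked on any presentation
    if not hmac.compare_digest(stored, _digest(validator)):
        return None               # known selector, wrong validator
    if now > expires_at:
        return None
    session["user_id"] = user_id  # the session is logged in to match the token
    return issue_token(user_id, now)

if __name__ == "__main__":
    cookie = issue_token("member-42")          # constructed sample user id
    new_session = {"basket": []}               # old basket session has expired
    cookie = resume_login(new_session, cookie)
    print(new_session, "rotated" if cookie else "login required")
```

The rotated value must be sent back as the new cookie (Secure, HttpOnly), and a `None` result means the visitor goes through the normal login form.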