It does expire.
Make sure you do not have any background ajax activity as it extends the session (SlidingExpiration is true by default).
Also I had to manually delete the old cookie after I changed ExpireTimeSpan from the default 14 days to a smaller value.