As of Servlet 3.0, this can simply be specified in the web.xml:
<session-config>
<session-timeout>720</session-timeout> <!-- 720 minutes = 12 hours -->
<cookie-config>
<max-age>43200</max-age> <!-- 43200 seconds = 12 hours -->
</cookie-config>
</session-config>
Note that session-timeout is measured in minutes but max-age is measured in seconds.