I propose to raise the default ($wgCookieExpiration) at least to 90 days from current 30.
This setting was supposed to combat leakage of logged in sessions by making them expire before before an attacker grabs them. However, cookie expiry does little to stop bad guys and annoys good ones:
* Once you've left a public PC without clicking on "log out", your session is already compromised, even making cookies session-only won't help. * If nobody looks specifically for your session, they can stumble upon it accidentally, while browsing the same site as you did. Lowish expiry time can indeed help lessen this possibility, however with Wikipedia's popularity there's pretty solid chance that someone will visit it from a public teminal within hours, not days. Less popular sites are, on the other hand, protected by smaller possibilities of someone looking for them. * MediaWiki provides no way to adjust preferences without having an account, so advice "register and set this or that in 'my preferences'" is pretty popular these days. However, the need to log in every month which is mildly annoying for wiki regulars, may have a drastic effect on casual visitors. "You told me to register and when I did, I had to relogin after a couple of visits!!1"
Taking this all into account, I see no reason to keep the current default.