For those looking for the answer, I did get a helpful response from Bubble support:
If you are setting this up in a workflow using the “Log a user in” step, you can try unchecking the “stay logged in” box. This will expire the user’s session after 24 hours. Users with this parameter checked, however, will receive a cookie of length 365 days.
There isn’t currently a way to manually set the expiration time, but it has been suggested as a possible feature for future updates.
For my use case, 24 hours is much better than 365 days, so this will solve my problem. Hopefully the expiration time will become manually adjustable in a future update.