There is an expiration date on the card (the lock keeps time). However, with the crypto vulnerabilities I'm going to be announcing, it's possible to manipulate cards to change the expiration date or increment the code key value (which is what gets cycles); this would allow you to continue using a card indefinitely.
You can't make cards out of nothing, though, so that helps mitigate it.
Thanks for your (patient) answering of my questions. It's funny how just asking how things work sort of naturally leads to thinking about vulnerabilities, eh? :)
So they set the card to expire when you plan to check out. But I've extended my stay (and done late check out) and I didn't have to get a new card. Why did my room lock let me back in without getting a new or rewritten card?
I don't know about other systems, but with Onity systems you have to get a new card to extend the expiration date. Of course, it's possible they gave you a card with the incorrect expiration in the first place; happens all the time.
You can't make cards out of nothing, though, so that helps mitigate it.