I do not have definitive intel on this, but after a recent upgrade to Sitecore 7.2 (rev. 140526) it was noticed users were getting logged out of Sitecore quite frequently.
It wasn't clear what had changed, if anything it seemed session timeouts suddenly worked.
Unsure if these log outs were a feature, fix, or something else, increasing the timeouts required changes in a few places.
Increasing Timeout In Sitecore
There are 2 (or 3 if you use session) separate values to update in the web.config.
Timeout for logging into Sitecore
<!-- AUTHENTICATION CLIENT SESSION TIMEOUT Specifies the number of minutes before Sitecore considers user authentication session tickets as expired. This setting is only relevant for users logging in to Sitecore Client and when the Sitecore license has a limited number of concurrent editors. All expired sessions will automatically be removed when a new user tries to log in and the maximum number of concurrent editors has been reached. The default is 60 minutes (1 hour). --> <setting name="Authentication.ClientSessionTimeout" value="180" />
Because Sitecore authentication leverages the .NET membership provider, this setting has to be changed as well.
Authentication Mode Timeout
<!-- AUTHENTICATION This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None" --> <authentication mode="None"> <forms name=".ASPXAUTH" cookieless="UseCookies" timeout="180" /> </authentication>
This last one tweak is only required if your SessionState is managed by database instead of by cookie.
This post was authored using Markdown for Sitecore.