I do not have definitive intel on this, but after a recent upgrade to Sitecore 7.2 (rev. 140526) it was noticed users were getting logged out of Sitecore quite frequently.
It wasn't clear what had changed, if anything it seemed session timeouts suddenly worked.
Unsure if these log outs were a feature, fix, or something else, increasing the timeouts required changes in a few places.
Increasing Timeout In Sitecore
There are 2 (or 3 if you use session) separate values to update in the web.config.
Timeout for logging into Sitecore
<!-- AUTHENTICATION CLIENT SESSION TIMEOUT
Specifies the number of minutes before Sitecore considers user authentication session tickets as expired.
This setting is only relevant for users logging in to Sitecore Client and when the Sitecore license has a limited number
of concurrent editors.
All expired sessions will automatically be removed when a new user tries to log in and the maximum
number of concurrent editors has been reached.
The default is 60 minutes (1 hour).
-->
<setting name="Authentication.ClientSessionTimeout" value="180" />
Because Sitecore authentication leverages the .NET membership provider, this setting has to be changed as well.
Authentication Mode Timeout
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows", "Forms",
"Passport" and "None"
-->
<authentication mode="None">
<forms name=".ASPXAUTH" cookieless="UseCookies" timeout="180" />
</authentication>
This last one tweak is only required if your SessionState is managed by database instead of by cookie.
SessionState Timeout
<!-- SESSION STATE SETTINGS
By default ASP .NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
Note that Sitecore does not support cookieless sessions
<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20"/>
-->
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="180" />
This post was authored using Markdown for Sitecore.