We get asked about a ‘timeout’ in the Web module, and while there is a timeout setting in the system configuration it is important to understand exactly what it controls.
When people talk about timeout they usually mean ‘inactivity’, i.e. how long a user can sit inactive before the application returns to the login screen.
This isn’t possible in the Web module.
The ‘timeout’ setting here refers to the length of time that the authentication cookie is valid after a successful login. Once it expires the user is prompted for their username/password again, regardless of whether they are active or not. For this reason the validity is set to a high value (48 hours in early releases, 24 hours in later ones).
You can set the validity to a low value, but be aware that you could inadvertently be setting up for a situation where someone is returned to the login page while working.

To set the value (for the Web module):

• Open the file WebUI\web.config in a text editor or App Manager
• Locate the setting <add key="timeout" value="1440" />
  The value is the validity period in minutes. Changing this changes the session length
• Save
• Now open the file FBA\web.config
• Locate and change the same setting in this file
• Save