I work for a very well-known publishing / corporate site that
attracts a high number of C-level global visitors. Our Security IT
department has has asked us to change our login procedures to
auto-log out user after 30 minutes (like a bank) as opposed to never
auto-expiring a login authentication cookie.