Session settings are needed to protect the customer data from getting hacked. Imagine that your session timeout time is 2 hours; this implies that once an attacker obtains the session ID or once a session ID is generated, the session ID will remain active for 2 hours. It's advisable to set the timeout time value as low as possible.

The following screenshot shows the Session Settings page, where an administrator can configure the Timeout value under Session Timeout for his application users:

If you have logged in to Salesforce, sometimes you would have observed that we don't need to retype the complete login credentials; this feature ...