When a user leaves a tab open and returns to it, why are they logged out when CP_LOGIN_MAX_TIME has not elapsed?
Oracle B2C Service Customer Portal (end-user pages), version-independent
Users may keep the Customer Portal open in a browser window for awhile with no activity. For example, they could be attending to other matters or taking a lunch break. In this case, after an hour of inactivity the user would be logged out and need to log in again. CP_LOGIN_MAX_TIME was set to 0 (no hard session limit). The users were authenticating via single sign-on and SSO_IDP_SSO_SESSION_EXP was set to 480 minutes (8 hours).
The configuration setting CP_LOGIN_COOKIE_EXP determines how long a user may be inactive before their login cookie expires. The default setting in this case was 60 minutes, so users who had been away for over an hour would be logged out. Changing the setting to a higher value, or -1 to make it a session cookie, would allow the user to still be logged in in this scenario.