The exact reason is that PHP has a default timeout for handling sessions. Once you log on the site, your "session" starts, and everytime you'll make an action, like reading a post, writing a post, even refreshing the page, the session timeout will "reset", as if you were telling PHP "hey I'm still here, don't kill me!". The default session timeout in PHP is about 20 minutes, meaning that 20 minutes of inaction will destroy your session. I'm not sure if Rich changed it though. The reason why there is a timeout with sessions is for security reasons. Let's say you log on your bank account through the internet and forget to log off... If there were no session timeout, the next person using your computer, even the day after, would have total access to your session.
I'd personally make the timeout at least an hour, since we're not trying to protect critical data like credit card information.
