Although this is a super old posting, I add this because I was looking for an answer here too. Unfortunately this setting is still not easily configurable in the global config and in general quite confusing.
In RT 4.4.4 you have to edit (untested for this file: or copy it as a local override to /opt/rt/local/html/Elements/SetupSessionCookie):
And add this below
$SessionCookie => undef
$Expires => ‘+8h’
This will set your session timeout to 8h. But be aware, RT doesn’t reflect that in the browser cookies expiry time, these are good as long as the browser is open. You have to run a regular cron job, to actually clean up expired sessions:
/opt/rt/sbin/rt-clean-sessions --older 1H
This command will clean up all sessions that haven’t been used in more than 1h past the expiry date (8h as set above). It won’t affect sessions that are actively used.
This concept is a little weird, as rt-clean-sessions without the --older options doesn’t do anything, and as far as I can tell from tests, the lowest older time you can use, is 1 hour (1H).