Keeping session alive while user continues interaction with server is an usual and convenient feature, however it is missing currently in stock modules (auth_form + session). Suggested enhancement is to add "AuthFormSessionRenew" flag, which would refresh session (i.e. reset expiry) each time the user issues a request and passes authentication. Please see the patch attached.
Created attachment 23949 [details] Suggested fix. Argh, seems the patch did not attach initially.
mod_session should renew on each hit by default, there should be no need for an additional switch for this. Can you confirm if the latest v2.4 or trunk still shows a problem?
Alternative fix applied from PR47476.