First, you need to log onto the storefront server and make the following modifications:
Modify this element:
<authentication tokenLifeTime="8:00:00" method="Auto" />
Obviously if your timeout is going to be less than 8 hours, no need to make any changes. In my environment I changed it to 12:00:00.
also, modify this element:
<sessionState timeout="20" />
This one is in minutes, so for my purposes I changed it to "720".
Change all maxLifetime="" attributes to the duration you desire. There are 3 elements that have the attribute defaulted to 1:00:00 and one that has it defaulted to 20:00:00. In my environment I changed all 1:00:00 values to 12:00:00.
Once this is all done, you need to open up a command prompt and run iisreset in order to get IIS to reread the web.config files. This will take down storefront for a little while, and reset all current user sessions, so you have been warned.
Lastly, if you are using a NetScaler, you will need to change the Global Session Timeout located at Access Gateway => Global Settings => Change Global Settings => Client Experience => Session Time-out (mins). I changed mine to 720, there is a screenshot below for you to reference:
That should do it! Please feel free to reach out to me here or on Twitter if you have any questions.