All these features hinged on a reliable session management system. The 30‑minute idle timeout balanced security (reducing the window for session hijacking) with usability (preventing constant re‑authentication for active users).