Session timeout parameters should be separate for "Requesters" and "Service Agents", and having the option to customize parameters for each group separately would provide a more targeted security feature to the platform.
