Put a hard-limit on session time-out for portal sessions. The session time-out is configurable via the web.xml or the application server.
However this time-out is reset when a user interacts, its as inactivity time-out value.
The requirement here is to have a time-out based on a time-limit, no matter how much activity the user has.
This feature will be turned off by default and configured via the Spring configuration for the portal.