Customers are observing that their sessions timed out and required new authentication / login sooner than expected. 

They also observed an edge case where an unauthenticated user opens two tabs and one of the tabs gets authenticated but the other one redirects to the login page.

This is expected behavior because UAA does not know about the application’s redirect_uri and redirects to the main login page whenever the request is unauthenticated.

On the UAA page in the TAS tile, the following values can be reset from their defaults:
 

1. Apps Manager access token lifetime
2. Global login session maximum timeout
3. Global login session idle timeout
 

For example, when we changed the timeouts to 28,800, sessions persisted for 8 hours. A session which persists this long will allow an employee to stay logged in for the duration of their normal work shift.