Does requiring log in every n hours actually increase security for a web app, if login info is stored in browser? [duplicate]
A web application I use forces log in again every 12 hours.
I'm struggling to see exactly how this increases security, considering the browser has user and pass pre-filled, and I simply have to click "log in" button again.
AFAIK, there's no advanced security involved. No checking of change of location, device, IP etc. I suspect there's literally only "if(lastlogin >12 hours) showLoginPrompt()". MFA is not even supported.
It does not "sign me out" either - after 12 hours, the pages open will remain visible, showing all data - it isn't until I click a link I'm asked to login again (some parts of the page actually still works without triggering login).
Can anyone enlighten me on exactly how this behaviour is more secure than just keeping me logged in?
