This setting controls how long, in minutes, a user's session will last. While it is wise to keep this value short for efficiency's sake, there are cases where that's just not enough time for users to get things done in your application (for example, if you have a client-side tool where the user is changing properties but not making requests to the server until they are done). The default is 20 minutes, and once 20 minutes of inactivity has occured, the session expires and all session variables are lost. You can increase the session timeout in an ASP page or in global.asa's Session_onStart() method with the following code:
Session.Timeout = 45
To change this value for an entire application, open Internet Services Manager, go to the Home Directory tab of the application, click on configuration, and alter the Session timeout field on the "App Options" tab. This metabase setting is also exposed to ADSI.