Our session timeout is low, largely for historical reasons. Currently it is set to 2 hours.
These days it's pretty typical to stay logged into accounts for very long times. I don't even remember the last time I logged into Facebook because it keeps me logged in.
We should be looking to extend the session timeout, perhaps with a "Keep me logged in", or "Remember me" checkbox at login.
I believe that Facebook use a 3 month timeout. Why don't we bump ours up considerably.