We have a website running on IIS7 and coded using PHP. We let users(Admin) to specify a value for session lifetime in admin page. So users will be automatically log out once it reaches/exceeds configured session lifetime(inactive). It works properly for some values say 15mins-2hrs but some users want it to be even more high. So they set it to 9000 mins but users are logged out automatically even before reaching 9000 mins.
My question: Is there any setting in IIS that is overriding session lifetime(inactivity)? May be it is true if it is a .NET website (I am just guessing) but ours is PHP based.