I can confirm the problem in Joomla 3.8.0 and Joomla 3.7.5

Status on Issue Tracker set on "Confirmed".

Thanks for confirming @AlexRed

I can't reproduce. I upgraded from 3.6.5 to 3.8.0, changed my session from 15 to 2 minutes, signed out and back in again, then waited about 30 because i got distracted. But when I came back to the admin panel, and went to a different page I was signed out.

If you are on a frontend page that triggers the keepalive behavior (this can be seen in the page's source, look for keepalive.js being loaded), then it is expected that the session won't expire. Joomla core commonly loads this on pages with form actions to avoid the possibility of the "invalid token" error message (if the session expires before you've submitted the form the token wouldn't be valid because the value is stored to the session for comparison).

In my Frontend I don't have any Form actions.

Cannot confirm.

Logged into https://downloads.joomla.org/ backend, set session time to two minutes. Logged into the frontend, navigated to https://downloads.joomla.org/latest and verified that the keepalive behavior was not loaded. Went and read some other stuff, came back about three minutes later and navigated to another page. Checked the footer (we have some conditional code in our template that changes the "Log in" text to "Log out" when authenticated), I had been correctly logged out.
Navigating to the login page gave me the login form, not the log out button.

nirovi remember also the "login form" module is a form. Also if you are logged the login form is here.
If you use the login module in frontend the users session won't expire

Unable to reproduce

@nirovi any Updates on this Issue?

Hi, for me the problem is still there. The front end session does not expire. This is for me a security problem in case the logged user is a publisher. I have in all page a log out botton. But I did not find the keepalive function. How Can I solve this behavour ?

The login module I'm using is : BT Login Module Version 2.6.1 BT

Thanks.

unpublish that "BT Login Module Version 2.6.1 BT" module maybe is not compatible with 3.8
and use the core login module in the meantime

also with the core login module the users session won't expire like explained by mbabker. All forms load the keepalive.js

Actually the BT Login Module does not support keepalive functionality - it does not have the line JHtml::_('behavior.keepalive'); ie it does not force the session not to expire

Also I use this module on a few sites. I can not confirm that this module is forcing the session not to expire.

So in conclusion your issue is not with the BT Login Module

Perfect if is not this module, how can i find the keepalive module in my websiste?

You would need to read the code. OR try disabling all the modules one at a time. Either way it is not an issue with the core which is working correctly. I am closing this here. If you need further support please use the forum https://forum.joomla.org