I was shocked to return to a clients the other day, to find my webmail session from the previous week still open in a browser tab, and still fully accessible!

Unfortunately a staff member read some of my comments and this has caused me to lose work! 

I find it incomprehensible that a webmail session can still be live on Monday when started on the previous Friday?

Surely the session timeout should be a matter of 1hr max?

How do I ensure this horrendous situation does not happen again [apart from obviously me remembering every time to log out]

This is one automated feature I think is 'essential to security'