When you set the values of the PrivateTimeout and PublicTimeout parameters to specify how long you are inactive from Outlook Web App, the time-out session does not end immediately in a Microsoft Exchange Server 2013 environment .
This issue occurs because the LiveIdAuthentication module considers the ping request as a user activity and it breaks the time-out of the activity. Then, the time to live (TTL) time stamp refreshes the session.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 3049771 - Last Review: Jun 16, 2015 - Revision: 1
Microsoft Exchange Server 2013 Enterprise, Microsoft Exchange Server 2013 Standard Edition