When you set the values of the PrivateTimeout and PublicTimeout parameters to specify how long you are inactive from Outlook Web App, the time-out session does not end immediately in a Microsoft Exchange Server 2013 environment .
This issue occurs because the LiveIdAuthentication module considers the ping request as a user activity and it breaks the time-out of the activity. Then, the time to live (TTL) time stamp refreshes the session.
To resolve this issue, install Cumulative Update 9 for Exchange Server 2013.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about the OWA time-out settings for public or private computers, see How to Configure Public and Private Computer Settings in OWA 2013.