High-security systems or those that are publicly accessed and are likely to be heavily shared (such as kiosks) must have a timer to exit the session and/or lock the system after a period of inactivity.
Try to avoid the use of Timeout as a solution to load and for security. If sessions must expire due to the method by which they have been built, consider making this transparent.