Authentication persists via browser cookies. You can set a custom expiration period under "advanced options" in Site Navigation > Custom Login to require your users to log in again after a certain timeframe. The default setting is shown below.
Click the View Advanced Options dropdown:
Updated 6 days ago