Find the answer to your question
What are the best practices for user session timeout management?
In general you should set some timeout in your application to whatever you feel comfortable with, here are some guidelines.
Question : Should we show an error when my Open eBay Apps session timeout?
Answer: Once session timeout is reached- present a message for the user to refresh the page
Question : Is there a way to tell that our Open eBay Apps is inside the ebay iframe?
Answer: Of course, your application would not get st, sig, and sp Render URL parameters if it was not.
Question: How long should our session expires? If we know we are running inside eBay WebTop iframe , can we leave a user session overnight?
Answer: You can trust eBay's authentication, but overnight is too long. The best practice is to set session timeout for 1 hr or several hours, then have the user do a page refresh.