Hi everyone, I was wondering if it's possible to modify the webstore session timeout value ? Currently a user is logged out after 20 minutes of inactivity. What if I want to provide a "Stay Signed In" option to the user while logging in so that the session times out only when user explicitly logs out ?

This is not possible. It is a PCI requirement to kill inactive sessions after 20 minutes. Some people have implemented features that track the session time (indirectly) and then prompt the user to refresh their session by performing some interaction with the server, which is fine. However, automatically refreshing the session is not permitted.

As of 2017, PCI-DSS required timeout after 15 mins. If I remember correctly, I have timed our instances within NetSuite to timeout at 1000 seconds before. Which oddly is 16.6 minutes.