How long should login session be?
It considers that longer idle time outs (15-30 minutes) are acceptable for low-risk applications. On the other hand, NIST recommends that application builders make their users re-authenticate every 12 hours and terminate sessions after 30 minutes of inactivity.
What is the standard time to login in website?
Standards: What Is a Good Response Time
A web response time ranging between 200 milliseconds and 1 second is considered acceptable as users still likely won't notice the delay.