2
This could be caused by not having the XOOPS_URL and/or PHYSICAL_PATH in mainfile.php set to exactly where the website is located. This means that redirects do not work, as XOOPS checks the URL you logged into to the URL you are at, and if the base URL doesn't match (ie.
http://www.xoops.org vs. xoops.org without www), you're not recognised as logged in.
Another cause may be the firewall issue. Firewall software could block the HTTP_REFERRER being sent to the website, thus making the above check impossible. Add the site to the trusted sites list and it'll be fixed.
As for the session duration, yes that is supposed to happen. You can set the session length in the system admin -> general settings -> preferences page, but I'd like to add a note of caution. Since XOOPS uses a database for its sessions, keeping them alive for a looong time will limit the number of users you can have on a site, as the available connections to the database aren't cleaned up when people leave. This will eventually clog the database, and thus the site.
Herko