1.The lifetime of the session cookie basically is unlimited. It is valid until a logoff is performed.
The used cookies in order to login are:

 .DWPLATFORMAUTH: This is the actual session cookie, that you have to send, to prove, that you are authenticated
 .DWPLATFORMBROWSERID: This cookie stores additional information about the used client (e.g. a Browser)
Exist he the possibility of setup a session time out going to the organization settings, inside the security tab.
2-The token is unlimited but it is possible to set up the lifetime in the body-


POST /DocuWare/Platform/Organizations/1/LoginToken

<?xml version="1.0" encoding="utf-8"?>
<TokenDescription xmlns:xsi="" xmlns:xsd="" Usage="Multi" Lifetime="14.00:00:00" xmlns="">