1.The lifetime of the session cookie basically is unlimited. It is valid until a logoff is performed.
The used cookies in order to login are:
.DWPLATFORMAUTH: This is the actual session cookie, that you have to send, to prove, that you are authenticated
.DWPLATFORMBROWSERID: This cookie stores additional information about the used client (e.g. a Browser)
Exist he the possibility of setup a session time out going to the organization settings, inside the security tab.
2-The token is unlimited but it is possible to set up the lifetime in the body-
<?xml version="1.0" encoding="utf-8"?>
<TokenDescription xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Usage="Multi" Lifetime="14.00:00:00" xmlns="http://dev.docuware.com/schema/public/services/platform">