Yev here -> we're taking a look at the sessions and possibly implementing a "hey are you still here"-type thing that a lot of banking institutions use. The thought being, if you've logged into your Backblaze account and left the computer open and unmonitored folks have access to your data (granted they also have access to your computer - but you can log in to Backblaze from any device to do restores - so we went with short-ish sessions).
They're not 'short-ish', they're shorter than... every actual 'session' I have with the site.
They're so short that I've been checking cookies and wondering what I'm blocking that's breaking it until I saw other comments here.
There doesn't seem much utility to me in having the website session expire before the screen locks - apart from anything else the computer quite likely has B2 keys or the consumer app installed if it had the website logged in.
You'd really think these would be companies that would make a better job of this sort of thing - 'tech 4 tech' companies if you will.