Hello
There are two settings controlling the session length and the connection length.
The Login timeout tells you how long you can be logged in to PAM while idle before you get disconnected. The Applet timeout is the same but for a given applet. If you set 0 for either of them, that sets it to the maximum possible timeout, which is 48 hours.
The way in which it works is a bit tricky. Please see:
https://docops.ca.com/ca-privileged-access-manager/2-8/EN/reference/web-gui/menu-bar/global-settings-menu-bar-reference
Basically the login timeout will start counting and it will interrupt if you have an applet session open (e.g. RDP). If the applet session times out, then it will restart counting until the login timeout expires.
You mention your sessions were open for 5 days. That is a bit odd, but still possible, since if one of these values is 0 it means the corresponding timeout will be 48 hours.
To follow up on your sessions you may go to Sessions and manage sessions therein and you will see the session time, etc. If you see anything anomalous or contrary to the above explanation, please open a case for us to look into this.
Please let us know if this helped.
Miquel Gilibert
CA Support