So the explanation of this functionality could be found directly on the website of Microsoft:
... and this is a default behavior of Microsoft. The session cookie will expire 30 minutes after the user is logged-out.
The ultimate solution if you want to avoid this is to configure your website for SSL.
Best regards, Martin