I have an old Phabricator install (from https://secure.phabricator.com/w/changelog/2019.08/) and no ability to upgrade at this point.
Some time ago (~2 weeks) session started to auto-expire after 1 hour of inactivity even when I keep Phabricator page opened all day long in a Web Browser.
Some code (I wasn’t able to identify which one), shortly after “/login/refresh/” URL is accessed to update CSRF token on 55th minute of each hour, is replacing “phsid” cookie with anonymous session identifier (“A/…”) while actual session in db still has “sessionExpires” in the next month.
Suspecting, that this is related to fact that server/Phabricator timezone has daylight saving time enabled (e.g. GMT+8 timezone), but user has timezone has daylight saving time disabled (e.g. GMT+2).