Drupal lets users to stay logged in until they log out. This may not seem logical to you, but it makes a lot of sense to people writing large posts, or willing to resume writing after a pause: they may get disappointed, if after a long day's work they submit their post and get an error because their session has expired.
That said, you may review the Automated logout module, which seems likely to help you with your application's requirements.