you can change the session timeout using advanced custom setting
https://docs.mendix.com/refguide/tricky-custom-runtime-settings/
SessionTimeout
Defines after how much time the session becomes invalid (in milliseconds). After that timeout, a session becomes applicable for removal. The session won’t be destroyed until the next time the cluster manager evaluates the active sessions.
default : 600000 (10 minutes)
for 3 hours you could change it to 10800000
I would suggest using an identity provider in combination with the OIDC module.