Unfortunately I've seen this issue in two different projects over the last few years. Sitecore uses a visitor identification sublayout to determine whether a site visitor is a bot or an actual human visitor. If you are a bot, your session times out much faster (1 minute, by default) than the session timeout value you would have otherwise configured.
The first time I saw this, it was an intermittent issue as the visitor identification sublayout was only missing on certain pages. Whether the user had a normal session duration or the shorter (a.k.a. "Why have I been logged out?!") duration depended on their path through the site.
The visitor identification sublayout should be included on every page. The easiest way to do this is to include it in your masterpages/layouts:
// Webforms <sc:VisitorIdentification runat="server" /> // MVC @Html.Sitecore().VisitorIdentification()
This renders out a stylesheet tag - if your browser actually requests this file, you're probably a person and it marks your session as 'not a robot'. If you don't load this empty stylesheet, you're probably a robot and you'll have the much faster logout. The exact session timeout is configured as:
<setting name="Analytics.Robots.SessionTimeout" value="1" />
Rather than adding the VisitorIdentification sublayout to every page, there is also the thermonuclear option of disabling the robot detection entirely by setting this value to false:
<setting name="Analytics.AutoDetectBots" value="false" />
More information is available in the Sitecore documentation on how to configure the robot detection component.