This is nuts, you're totally overthinking this.

You never need to call Liferay.Session.extend(), all you need to do is set auto.extend to true. Liferay will call Session.extend() for you.

Normally you're going to pick between two basic scenarios:

• Users must maintain activity within a certain timeframe or their session expires and they are logged out.
• Users can stay logged in as long as their browser is open and they have connectivity to the server.

For case 1, you set session timeout in ROOT/WEB-INF/web.xml and sync the value with portal-ext.properties. Here you may or may not use the warning (if you want to notify users they are about to be logged out) and disable auto.extend.

For case 2, you also set session timeout in ROOT/WEB-INF/web.xml, but you set it for a short timeframe, like 3 or 5 minutes, and you also sync with the value in portal-ext.properties. Here you'll often disable the warning but enable auto.extend (warning isn't needed since the session will extend for the user).

But you have a weird mix going on. First the long timeout means a user can get up and walk away from their terminal but the session will remain open for a full hour. Warning and auto extend are disabled, so after 60 mins the user will be logged out. You don't have to call Session.extend() because the timer resets every time you submit a request.

My recommendation is not to overthink your session handling. Pick option 1 or 2 above and implement as per I described for your case.