As you are using open source version and not pro version I am not sure how this apply, however it is a good hint.
I manage some Rstudio Pro servers and we configured it.
For login lifetime the correct options are describe here
http://docs.rstudio.com/ide/server-pro/authenticating-users.html
By default, the lifetime for user credentials to RStudio is 30 days. If you want to change that the option is
# /etc/rstudio/rserver.conf
auth-stay-signed-in-days=7
You can disable any lifetime and ask authentification at each connection with
# /etc/rstudio/rserver.conf
auth-stay-signed-in=0
Currently, you used session-timeout-minutes=30. That applies to an r session opened on the server and not closed or suspended manually by the user.
From experience, when closing the tab in the browser or the browser, the user is not log out from the server and the open R session is not close nor suspended. The session timeout applies : After 30min, the R sessions opened will be suspended (cache mechanism) to free memory and process. At next connection, it will be reopened by loading the saved state. It is what session-input-timeout-minutes option control (see doc 5.2.2
For user to really log out, they have to log out manually or you have to configured the described aboved options