Client Session Idle vs SSO Session Idle

I‘ve read the documentation about Client Session Idle and SSO Session Idle timeouts, but can someone give me real world example why I should configure Client Session Idle less (or even larger?) than SSO Session Idle please.
Maybe I haven’t fully understood the difference between those two config options.


As i understand, the “Client Session Idle Timout” is about the connection from client-applications like a third party application (e.g. a CMS system like GRAV oder DokuWiki). I tells how long a token is valid given for a client until he needs to fetch a new one.

And “SSO Session Idle” is about the user who uses the client to access an application.