Overriding session timeout

I’m trying to override the session timeout for students. It’s currently set to 4 weeks. I noticed that the session expiry is hard coded in the _handle_successful_authentication_and_login function:

Is there a reason for it to be hard coded? Is there an easy way of overriding it?

Thanks.