You are experiencing one of two different timeouts.
If your timeout is logging you out even after you have set a 'remember me', then you are experiencing an Application Pool shutdown. By default, YAF comes with a 'configuration option' in the web.config file that when uncommented and given 'unique keys' will override the ASP.NET default method of encrypting form data, which whenever an application pool resets, will be encrypted differently when it restarts, unless this set of machine keys are uncommented and enabled in the web.config.
The other timeout, if you are being 'forgotton' after the '20 minute' Session timeout (without clicking the 'remember me') would be a default IIS configuration for Session Timeouts. You should be able to control the session timeout, but if your application pool is shutting down after 20 minutes idle, a longer session will not help, because the application "out-ranks" the session in this case.
If you can't find it using the forum search, try my signature link -- searches this site using Google:
Google is my Friend