Mine too. It wasn't always like this, but nowadays if I haven't accessed the site in a handful of days there's a good chance I'm logged out when I go. And it requires logging in, then mobile 2FA. It's very annoying.
Just to put this out there - but this doesn't actually sound that unreasonable.
Your tokens/session should expire at some point. We can argue over what might be a reasonable duration, but it definitely should expire.
What might be going on is if you visit the site/app it renews the token/session if it's still valid. So if you are relatively active on GH, you will stay logged in - otherwise you will eventually be logged out.
Just guessing, but all of this does seem reasonable. There's a lot your Github account can do, including a lot of damage to you and any organizations you are part of.
