I want to address the issue you refer to about user-id timeout.
Back in PAN-OS 7.1.5 PAN made a change to the underlying API we used, there was an implicit setting for a time-out that they made optional 7.1.5., prior to 7.1.5 when we set the user details the implicit timeout was 0 i.e. Never time-out.
This change caused CPPM when sending user details to be controlled by the PANW on-box setting [Default was 60 minutes], there was though no way to make the user never-time-out.
So, we fixed this and changed our API and we added the now required setting in CPPM 6.6.7 patch to override the default value. We now send a never-time-out setting.
In a future release, we will expose the ability for you to set your own timeout value.