looking at your php(info) and your htaccess, the only thing that jumps out at me is your garbage collection and when you take it out... so, lets rule that out.
add:
php_value session.gc_divisor 100000
php_value session.gc_probability 1
what ^that means and does: every 1000 'clicks' on your page will result in one session being destroyed... the 'garbage collection', as it's called, is how your server is doing in NOW.... increase that... instead of users facing a 1 : 1000 chance of having to log back in, if you change it to the suggested value (100k / 1) they'll stand a 100k : 1 chance of being logged out as php 'takes out the session's garbage' ... in other words, the opportunity to lose their session is greatly reduced. it's supposed to be 'random', but, as we've discovered, computers like pattern's and nothing is 'truly' random with them.
you could also consider changing your gc_maxlife too, by adding:
php_value session.gc_maxlifetime 86400
that's in seconds... the session will last that long before being tossed (garbage collected aka 'destroyed').
I DON"T THINK THIS IS YOUR ISSUE. But, let's get it out of the way all the same as you'll discover your users won't have to see that login page as much... SMF does it's own thing, and the server does it's- all this does is makes sure SMF isn't limited by what the server is doing unbeknownst to SMF... the GC is completely outside SMF where the lifetime of a single session isn't, i don't think.
openID is fine... i was confusing it in my head with the socialLogin mod, which is a total different animal... forget i mentioned it.
do you have the box "force cookies to be secured" checked in your 'server settings >cookies and sessions' page? if not, check it.