A user can lock himself out by setting autologout to a very short period.
To verify, set autologout in the profile to 1 second. It is not possible to log in and change this anymore.
A simple solution could be to introduce a minimal required autologin period, though this should take into account usage over slow (think GPRS) connections.
Something like 30-60 seconds could work as the minimal required value.