At Ignite we announced a major improvement to the way secure external sharing of files and folders works in both OneDrive and SharePoint in Office 365 and we wanted to share what this means for users...
Updated Jun 25, 2020
Version 4.0
Blog Post
Dean Chen For #1 actually if you have this set to 30 days then it means that recipients who enter a code will have to re-verify their email address by entering a new code 30 days after they enter the first one, even if they checked the "keep me signed in" box. So for example if you send me a secure link on December 1st and I enter in the code and click "keep me signed in", when I come back on December 30th I'll be asked for a new code. The link itself still will continue to work and I don't have to ask you for re-share the content with me.
This feature is primarily meant to protect against employment changes for recipients. For example if on December 1st I work for Contoso and have rafael@contoso.com but then by December 30th I left Contoso, then I won't be able to re-verify my rafael@contoso.com email address and so will lose access to the content that you shared with my Contoso identity.
For #2 it depends on whether the recipient clicked on "keep me signed in". If they do not check that box then the code is only valid for that browsing session. If they close their browser then they'll need to click on the link again and enter in a new code.