FortiGate
anoushiravan
Staff
Article Id 420597
Description This article describes how to set proxy-re-authentication-time on FortiGate to specify the time limit after which users must re-authenticate on FortiGate.
Scope FortiGate.
Solution

By default, proxy-keep-alive-mode is set to 'session' in global settings, and proxy-re-authentication-time is a hidden command that becomes available only when proxy-keep-alive-mode is set to 're-authentication' in global settings, as follows:

 

Before FortiOS version 7.0:

 

config system global
    set proxy-re-authentication-mode absolute
end

 

In FortiOS version 7.0 and above, the command has been changed to:

 

config system global
    set proxy-keep-alive-mode re-authentication 
    set proxy-re-authentication-time 30
end

 

Here is the screenshot from FortiOS version 7.4.9:

 

[Screenshot: 01.png]

 

The feature 'proxy-keep-alive-mode' controls whether users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated.

 

Here are the steps to trigger re-authentication on FortiGate using the above authentication setting:

 

  1. Access https://www.fortinet.com in Chrome to trigger authentication.
  2. Access https://www.fortiguard.com successfully.
    Wait for the authentication timeout.
  3. Access https://www.fortinet.com again, which will ask for re-authentication.
  4. Access https://www.fortiguard.com; it should then be possible to access the websites.

 

Note: The re-authentication steps can be checked with any website; the domains provided above are just examples.

 

When proxy-keep-alive-mode is set to re-authentication, after the 'proxy-re-authentication' timer reaches the timeout value, the next HTTP request from the user from the same IP will be required to authenticate again, even if there is an ongoing session or ongoing traffic from/to the user with the same IP.

 

The feature proxy-re-authentication-time can be set from 1 to 86400 seconds. By default, this option is set to 30 seconds.
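
To check these settings in a saved configuration file, the following added example (not part of the original article and not Fortinet code) parses the 'config system global' block and reports the effective mode and timer, applying the defaults and range stated above. The function names and the sample configuration are constructed for illustration.

```python
import re

# Values stated in the article: default mode, default timer, allowed range.
DEFAULT_MODE = "session"
DEFAULT_REAUTH_TIME = 30
REAUTH_RANGE = (1, 86400)

def global_settings(config_text):
    """Return the 'set' lines of the 'config system global' block as a dict."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system global":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.*)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit_reauth(config_text):
    """Report the effective proxy re-authentication mode, timer and findings."""
    s = global_settings(config_text)
    findings = []
    if "proxy-re-authentication-mode" in s:  # syntax used before FortiOS 7.0
        findings.append("pre-7.0 syntax: proxy-re-authentication-mode " + s["proxy-re-authentication-mode"])
    mode = s.get("proxy-keep-alive-mode", DEFAULT_MODE)
    timer = None  # the timer only applies in re-authentication mode
    if mode == "re-authentication":
        value = s.get("proxy-re-authentication-time", str(DEFAULT_REAUTH_TIME))
        if value.isdigit() and REAUTH_RANGE[0] <= int(value) <= REAUTH_RANGE[1]:
            timer = int(value)
        else:
            findings.append("proxy-re-authentication-time out of range: " + value)
    return {"mode": mode, "reauth_seconds": timer, "findings": findings}

# Constructed sample configuration (not taken from a real device).
SAMPLE_NEW = """config system global
    set hostname "fgt-lab"
    set proxy-keep-alive-mode re-authentication
    set proxy-re-authentication-time 600
end"""

if __name__ == "__main__":
    print(audit_reauth(SAMPLE_NEW))
```

A configuration that omits both settings is reported with the default 'session' mode and no timer, since the timer applies only in re-authentication mode.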

 

Related articles:

Technical Tip: Proxy users lifetime control

Technical Tip: How to refresh/clear the wad user/group cache on FortiProxy v7.0.X

Technical Tip: How the Explicit Proxy authentication timeout works