thankyou for that, the command that worked was:

debug dot11 dot11radio0 trace print clients 

 I'm still puzzled however by 'timeout'. and whether my AP is configured in some way to drop client connections. I've looked under # and config t and cannot see a timeout setting. I should also clarify I'm configuring the AP through a telnet session using putty on a windows pc. Thanks for any further ideas.

It's a (very) old AP and your software is also fairly old. The latest release is c1240-k9w8-tar.124-25e.JAP12.tar, found here: https://software.cisco.com/download/home/280237322/type/280775090/release/12.4.25e-JAP12

There is some possibility that you are hitting some bug, but it might also be a wrong configuration. Can you show us the running configuration (remove the passwords before posting)?

hostname#sh run
Building configuration...

Current configuration : 3684 bytes
!
! Last configuration change at 08:08:44 GMT Fri Apr 12 2019 by ga2421
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hostname
!
enable secret 5 secret
!
no aaa new-model
clock timezone GMT 0
!
!
dot11 association mac-list 700
!
dot11 ssid ga2421
authentication open
guest-mode
!
power inline negotiation prestandard source
!
!
username user password 7 password
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 <number> transmit-key
encryption mode wep mandatory
!
ssid ssid
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 2 size 40bit 7 <number> transmit-key
encryption mode wep mandatory
!
ssid ssid
!
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 172.16.1.22 255.255.0.0
no ip route-cache
!
ip default-gateway 172.16.1.60
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging trap debugging
logging 172.16.1.61
access-list 700 permit 000f.55a8.2bf4 0000.0000.0000
<snip>
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
sntp server 129.215.160.240
sntp server 78.129.239.26
sntp server 143.210.16.201
sntp server 82.219.4.31
sntp source-interface FastEthernet0
end

Check the session timeout answer by Sathiyanarayanan Ravindran, that might help.
Also, you currently use WEP as "encryption". WEP is fully cracked today and should not anymore be used. Either switch to WPA2-AES (no TKIP!) or no encryption at all. It's no difference between no encryption and WEP today in regards to security.

thanks but I also use mac address filtering so I'm happy with the security that provides.

This provides zero (0, NULL) security!

Mac address can be copied within seconds (just sniff the packets of a single active client) and the WEP key can be cracked within 2 minutes on an iPhone6, or way faster on a modern computer. 

That's all it needs for the attacker to gain full access to your wireless, 2 minutes.

thanks for that, I don't know where my original reply went but the command that worked is:
debug dot11 dot11radio0 trace print clients
still struggling with the timeout thing though....

Check this thread Session Timeout Autonomous AP