php - javascript: allow user to login after session times out -

i want write javascript program html webpage forces user after leaving session idle x minutes (no mouse movement or keys pressed) reenter password resume session.

note, not talking destroying session/closing session time goes out, forcing user log out. i'm trying "pause" session having pop box user must type username , password resume work.

thanks

you use

var timeoutholder=settimeout(pausesession,60000*nminutes); 

and reset time each time user press key

window.addeventlistener("keydown", function(e){     cleartimeout(timeoutholder);     var timeoutholder=settimeout(pausesession,60000*nminutes); }); 

you can create similar event detecting mouse movement. finally, define pausesession function shows popup.

some thoughts security: should take account measure executed in client easy circumvent , therefore should use if not imply security risk.

a more sophisticated version send message server , keep track of timer there, user can't alter it. however, user send fake keystrokes , key movements still vulnerable solution.

tl;dr: in client altered. keys , mouse movement detected in client, therefore take account user able disable password prompt. minutes since last page load or xmlhttprequest better measurement since can implemented in server.