How to send users to login page when they are logged out from another tab they opened?

Question

I am using cookie-session and passport.js in Nodejs to handle user authentication:

app.use(require("cookie-session")({
    secret:keys.session.secret,
    resave:false,
    saveUninitialized:false

}));

In my front end I have javascript that tracks keyboard and mouse events for inactivity and logs user out after 20 minutes of inactivity:

var idleTime = 0;

 //Increment the idle time counter every minute.
 var idleInterval = setInterval(timerIncrement, 60000); // 1 minute

 //Zero the idle timer on mouse movement.
 $(this).mousemove(function (e) {
     idleTime = 0;
 });
 $(this).keypress(function (e) {
     idleTime = 0;
 });


function timerIncrement() {
 idleTime = idleTime + 1;
 if (idleTime > 19) { // 20 minutes
    window.location.href = '../logout'
    // window.location.href = '../login'
 }
}

The issue I am having is when a user opens multiple tabs of the website and forgets about the other tabs that are open. One of the tab will log the user out. The user will not realize this until he/she tries to go to some page in the tab that they are using. Going to page would mean that they will have to go through my isLoggedIn middleware which automatically sends them to login page if they are not logged in.

The problem is that I have a massive form in my website sending nothing but post request. A use might work on it for a few minutes only to realize that nothing has been saved.

How should inactivity handeled? Should I have something checking on the backend for inactivity as well? Should it be backend only?

Answer 1

You can communicate between tabs using BroadcastChannel if supported, otherwise storage event from localStorage. You can find the details here, as well as a small library that can take care of all the details for you.

I recommend displaying a message warning the user that he will be logged out for inactivity in X seconds, with a button to postpone the log out.