I have a website and currently I am handing the timeout on client side that is using Javascript, so that I no request is being made I log the user out, but I have seen people on SO suggesting the same approach , and I see a big lapse in it, suppose a user has 2 tabs open.
Tab 1:
www.MYSITE.com/welcome.php
Tab 2:
www.MYSITE.com/edit_profile.php
Now if user is on Tab 2 and he is editing the profile there, Tab 1 is idle that means user will be logged out/shown warning (the way you are handling Idle time).
So that doesn't seems to be consistent, in my thinking it should be on server side, is my approach correct?