During audit it was found that our app  does not have an inactive session timeout. It is required under the  security standards that applications have a maximum 12h active session timeout.

Requirements:

• Any user that has been logged in for more than 12 hours is required to re-authenticate (even if the session was continuously active)
• 5 min before terminating the session display a warning message (nice to have)
• when the time limit is reached, the next time the user clicks on any part of the screen they are re-directed to a log in screen