I need to display a modal to the user telling him that he's been disconnected for being idle for X number of minutes.
What I did was to store a timestamp of the latest request done by any of the windows/tabs, and check it + adding it the duration of the session.
Then every time the user focuses or makes a page visible I check against the timestamp and if the session is over (due to inactivity) I display the modal.
But there is a bug: If the user re-logged in from another window/tab, then went back to a tab or window that were previously logged in, then the modal won't launch since the timestamp renewed, however the CSRF and Session cookies were changed so he's not really logged it to the same session anymore, and if he tries to perform some action, he will get Error 419 and lose all data, which is why I needed to launch the modal in the first place, to make him refresh the page.
How can I check that he's on the older session? What I think about is to also store the most updated session/csrf cookie value in the localStorage. But is it safe (I can hash it using this answer: https://stackoverflow.com/a/52171480/17746636).
Or there a better way to do it?
