“Idle Session Timeout Seconds” is calculated using the user activity at the server side. So even if a user is inputting data in a form, but not submitting the page before the “timeout” settings the user will get timed out and lose all the data he entered. Can we capture some key events at the browser and send to the server intermittently, which prevents the server from session out? This is a problem for the practices which prefer to keep the timeout seconds very low , say 15 minutes.
Can this create any security threat?