[FEAT] Auto-Logout Users After a Period of Inactivity #1318

Open
officiabreezy opened this issue Mar 1, 2025 · 1 comment
@officiabreezy

Description

Implement Auto-Logout After Inactivity in NestJS to automatically log users out after a period of inactivity. This prevents unauthorized access in case a session remains open on a shared or public device. This feature should track user activity and invalidate the session/token after a set time of inactivity.

Acceptance Criteria

  • Track user activity and reset the inactivity timer upon interaction.
  • Automatically log out users after inactivity (e.g., 15 minutes).
  • Invalidate tokens/sessions after timeout.
  • Ensure users receive a 401 response when trying to use an expired session.

Purpose

  • Prevent unauthorized access after long inactivity.
  • Notify users before auto-logout, allowing them to extend the session.
  • Expire unused tokens to prevent token abuse.
  • Many secure systems implement auto-logout to protect users.

Requirements

  • Track user activity (e.g., monitor user requests, reset the inactivity timer, etc.).
  • Destroy session (if using session-based authentication).
  • Send a warning response (You will be logged out in 1 minute due to inactivity).
  • Allow users to refresh the session if still active.
  • Return a 401 Unauthorized response when a user tries to access an expired session.

Expected Outcome

JSON Response on Auto-Logout

  • When session expires due to inactivity:
{
  "status": "error",
  "status code": 401,
  "message": "Session expired due to inactivity. Please log in again.",
  "data": {}
}
  • When warning user before auto-logout:
{
  "status": "warning",
  "status code": 200,
  "message": "You will be logged out in 1 minute due to inactivity. Click here to stay signed in.",
  "data": {}
}
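
The following is an added example, not part of the issue or the project's code: a framework-free sketch of the idle-timeout logic the issue describes, using the 15-minute limit, the 1-minute warning and the two response bodies above. The class, method and constant names and the "success" body are hypothetical; the point it demonstrates is that the warning poll must read the timer without resetting it, and that an expired session is deleted server-side so later requests keep getting 401.

```typescript
// Added example: all names are hypothetical; timestamps are passed in so the logic is testable.
const IDLE_LIMIT_MS = 15 * 60 * 1000; // 15 minutes, from the acceptance criteria
const WARN_WINDOW_MS = 60 * 1000;     // warn 1 minute before logout

interface ApiBody { status: string; "status code": number; message: string; data: object }

const EXPIRED: ApiBody = { status: "error", "status code": 401,
  message: "Session expired due to inactivity. Please log in again.", data: {} };
const WARNING: ApiBody = { status: "warning", "status code": 200,
  message: "You will be logged out in 1 minute due to inactivity. Click here to stay signed in.", data: {} };
// Assumed body for the normal case; the issue does not define one.
const OK: ApiBody = { status: "success", "status code": 200, message: "Session active.", data: {} };

class IdleSessionStore {
  private lastActivity = new Map<string, number>(); // token -> last activity (ms)

  login(token: string, now: number): void { this.lastActivity.set(token, now); }

  // Returns idle time in ms, or null if the session is unknown or expired.
  // An expired entry is deleted so a later request cannot revive the token.
  private idleFor(token: string, now: number): number | null {
    const last = this.lastActivity.get(token);
    if (last === undefined) return null;
    if (now - last >= IDLE_LIMIT_MS) { this.lastActivity.delete(token); return null; }
    return now - last;
  }

  // Call from the auth guard on every real user request: resets the timer.
  touch(token: string, now: number): ApiBody {
    if (this.idleFor(token, now) === null) return EXPIRED;
    this.lastActivity.set(token, now);
    return OK;
  }

  // Call from the client's background status poll: must NOT reset the timer,
  // otherwise an unattended tab keeps its own session alive indefinitely.
  peek(token: string, now: number): ApiBody {
    const idle = this.idleFor(token, now);
    if (idle === null) return EXPIRED;
    return idle >= IDLE_LIMIT_MS - WARN_WINDOW_MS ? WARNING : OK;
  }
}
```

In a NestJS application, `touch` would sit behind a guard that throws `UnauthorizedException` on the 401 body, and `peek` behind a status route excluded from activity tracking.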
@TheCodeGhinux
Contributor

Is this needed??
