After Session timeout, User can reactivate it by refreshing the browser. When idle for long time user receives the Session Time out exception with pop up to refresh or cancel and refreshing the browser gives access to the app without asking the credentials of the user. System should ask for User ID & Password to reactivate the session. How do we do this?