diff --git a/ajax/session/do_check_session.php b/ajax/session/do_check_session.php
old mode 100644
new mode 100755
index 757619a9..35460050
--- a/ajax/session/do_check_session.php
+++ b/ajax/session/do_check_session.php
@@ -10,6 +10,11 @@
 $lastActivity = $_SESSION['lastActivity'] ?? time();
 $sessionLifetime = time() - $lastActivity;
 $status = $sessionLifetime >= RASPI_SESSION_TIMEOUT ? 'session_expired' : 'active';
+if ($status = 'session_expired') {
+ session_unset(); // unset all session variables
+ session_destroy(); // destroy the session
+}
+
 // send response
 header('Content-Type: application/json');
 header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
diff --git a/app/js/custom.js b/app/js/custom.js
index ce0bb712..a3380e15 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -678,7 +678,8 @@ function checkSession() {
 if (window.location.pathname === '/login') {
 return;
 }
- $.get('ajax/session/do_check_session.php', function (data) {
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/session/do_check_session.php',{'csrf_token': csrfToken},function (data) {
 if (data.status === 'session_expired') {
 clearInterval(sessionCheckInterval);
 showSessionExpiredModal();
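Review bot: In ajax/session/do_check_session.php the added guard `if ($status = 'session_expired')` assigns instead of comparing, so the condition is always truthy and every poll runs `session_unset()` and `session_destroy()`, logging out users whose session is still active. The assignment also overwrites `$status`, so the response built after the hunk presumably reports `session_expired` on every call. The line should read `if ($status === 'session_expired') {`. Once that is fixed, consider expiring the session cookie as well, since `session_destroy()` alone leaves it in the browser. The mode change to 100755 looks unintended, as a PHP file served by the web server does not need the executable bit.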
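Review bot: In app/js/custom.js the new `$.post` call in checkSession() has no failure handler, so if the endpoint rejects the request (for example on a missing or stale `csrf_token`, assuming the server validates it) the poll fails silently and the expired-session modal never appears. Chaining something like `.fail(function (xhr) { console.warn('session check failed', xhr.status); })` would at least surface the rejection, and a dedicated status code could be routed to `showSessionExpiredModal()`. Whether do_check_session.php actually verifies the token is not visible in this diff and is worth confirming, because the endpoint now destroys session state. The body of checkSession() continues outside the hunk.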