In WordPress 3.6, a new API called “WordPress Heartbeat” was introduced. Heartbeat API allows for regular communication between the user’s browser and the server to improve various features in WordPress, such as better revision tracking, enhanced collaboration by locking posts and warning when more than one user is attempting to edit a post, user’s session management, warning the user when their log-in has expired and more.

Due to the improved user logout notification, the WordPress will display an inline overlay login form popup on screen if WordPress detected that you no longer have a login token or logon has expired. It prevents you from been logged out unexpected, potentially losing any unsaved work. The login popup has the following message:

Session expired. Please log in again. You will not move away from this page.

WordPress Session Expired Login Again Popup

While the intention of user logout notification to improve user experience is good, but apparently the result may vary. For example, the login prompt may keep popping up after every few minutes or hours. By default, a user stays login for 48 hours (2 days) or 336 hours (2 weeks) if remember me is chosen. But in some cases, the login expiration detected by wp_auth_check_html() function is much faster, especially when a WordPress dashboard or admin page is left idle or not actively used for a while (where WordPress may be mistakenly treated grace period for POST and XHR requests as expiration); or in some scenario, an annoyance if logout if what you intended. For example, you may be opening may tabs loading the dashboard or admin pages from same WordPress site, and then popup will be displayed on all tabs if you logout any one of them.

It’s possible to disable that WordPress session expired login authentication modal window popup by disabling the loading of the auth check for monitoring whether the user is still logged in. To do so, add the following code into the active theme’s functions.php file:

// Disable the auth check for monitoring whether the user is still logged in.
remove_action('admin_enqueue_scripts', 'wp_auth_check_load');
The popular auth_cookie_expiration filter to extend the login validity period and prevent the WordPress from logging you out automatically does not work in stopping the re-login pop-up window.