By Using javascript timeout function, you need to ensure that if the user is making any AJAX calls your function should be reset as it should be treated as user activity.

If the using server push using websockets you may not be able to target users with not so latest browsers. You may have to use some signalling frameworks and even change your backend stack. (I can think of socket.io & SignalR as of now)

Both the approaches are not going degrade gracefully. So, IMO javascript option sounds better as it can target wider audience and that would require you to address some edge case scenarios. If I had a choice I would not implement this feature at all. But it hardly happens that way.

UPDATE:
Here is another approach I could think of.

Every time a page gets served I would sent a Cookie which can be accessed in the client side which would contain the UTC time at which the session will timeout. In my code I would place a setInterval which would read the value and compare the local time with UTC and if it close, would display a popup window saying the timeout will happen in X seconds etc.

This again doesn’t degrade gracefully and relies on the time of the client machine. So, if it is wrong this functionality will not work reliably.