That would be awesome but it might be difficult to implement and I don't think it can work in all cases, primarily with different auth plugins.
For example, we use a custom plugin with SSO, so Moodle doesn't control the login screen; if you submit a form after Moodle's timeout has expired, but when the SSO timeout hasn't, then you'll automatically be granted access again (logged into moodle behind the scenes) with no login interface: you'll just get directly to the helpful 'incomprehensible error about your form data not being valid for no particular reason' page
Or, worse, if you submit a form after the SSO timeout has expired too, then you'll be redirected ignominiously to the standard SSO login page (and there's not much moodle can do about this, at least in our particular system - it happens before the php layer) which won't know about moodle stuff, we can't change it, and it will lose your form data whatever happens.
A different, easier possibility is to automate the timer approach described. In other words, rather than popup a dialog (ugh!), just make the JS request something - anything - from the server before the session runs out. Then it won't run out, problem solved.
Yes this means if a user leaves their browser open then they can hold a session open on the server forever but I think if you combine it with reducing the actual session length (say from 2 hours to 30 minutes) it would most likely end up reducing the amount of sessions open at any one time (would have to experiment, obviously). We should be able to afford users making a low-impact php request every 29 minutes while they lurk on a page, or even several if they lurk in lots of tabs.