I have read a few stack overflow posts that show how to do this in pieces but I wanted to summarise this into one example.
Here is the @app.before_request function that will allow you to have session timeout
As I said that this was to be used with the Flask-Login extension I wanted to point out something that could potentially catch you out. Flask-Login has a "remember me" functionality that is set at login time, the use of this functionality can mess up the session timeout and make it appear as though it does not work. To avoid this you need to look at the login code and ensure that the remember flag is not set to True:
Hope that helps,