An easy way to do that is to host the CM console on a Citrix server and leave it to Citrix to handle the timeout.
I'm not sure though whether Citrix can track idle state or if you only can define a time to live for your session.
I think there might also be issues with the way Citrix kills expired sessions, which would require some extra management tasks.
I dont suppose anyone has since found a way to do this or know if an enhancement request has been raised, as it is something our secuirty giudelines states should happen. This applies both to config manager and nsh via an nsh proxy server.
Well, technically, the appserver will timeout idle connections today (and has since the 7.0 release). The reasons why this might not necessarily be useful to you are:
1) The way the credential stuff works, once you're active again, the connection will just automatically re-connect, re-authenticate, and continue (unless the credential has expired in which case you'll have to log out and back in again).
2) No matter how inactive you are, due to the fact the GUI continuously polls the appserver for running jobs, you're actually never inactive.