diff --git a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
index 85c92d1139..df7c5a0c31 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
@@ -14,7 +14,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 /// before their timeout expires.
 ///
 [IsBackOffice]
- //[UmbracoUserTimeoutFilter] //TODO reintroduce
+ [UmbracoUserTimeoutFilter]
 [UmbracoAuthorize]
 [DisableBrowserCache]
 [UmbracoWebApiRequireHttps]
diff --git a/src/Umbraco.Web.Common/Filters/UmbracoUserTimeoutFilterAttribute.cs b/src/Umbraco.Web.Common/Filters/UmbracoUserTimeoutFilterAttribute.cs
new file mode 100644
index 0000000000..afe5e344c5
--- /dev/null
+++ b/src/Umbraco.Web.Common/Filters/UmbracoUserTimeoutFilterAttribute.cs
@@ -0,0 +1,39 @@
+using System.Globalization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Umbraco.Extensions;
+
+namespace Umbraco.Web.Common.Filters
+{
+ ///
+ /// This will check if the request is authenticated and if there's an auth ticket present we will
+ /// add a custom header to the response indicating how many seconds are remaining for the current
+ /// user's session. This allows us to keep track of a user's session effectively in the back office.
+ ///
+ public class UmbracoUserTimeoutFilterAttribute : TypeFilterAttribute
+ {
+ public UmbracoUserTimeoutFilterAttribute() : base(typeof(UmbracoUserTimeoutFilter))
+ {
+ }
+
+ private class UmbracoUserTimeoutFilter : IActionFilter
+ {
+
+ public void OnActionExecuted(ActionExecutedContext context)
+ {
+ //this can occur if an error has already occurred.
+ if (context.HttpContext.Response is null) return;
+
+ // Using the new way to GetRemainingAuthSeconds, which does not require you to get the ticket from the request
+ var remainingSeconds = context.HttpContext.User.GetRemainingAuthSeconds();
+
+ context.HttpContext.Response.Headers.Add("X-Umb-User-Seconds", remainingSeconds.ToString(CultureInfo.InvariantCulture));
+ }
+
+ public void OnActionExecuting(ActionExecutingContext context)
+ {
+ // Noop
+ }
+ }
+ }
+}
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 7b224c49b5..5f934c2359 100644
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -372,7 +372,6 @@ -
diff --git a/src/Umbraco.Web/WebApi/Filters/UmbracoUserTimeoutFilterAttribute.cs b/src/Umbraco.Web/WebApi/Filters/UmbracoUserTimeoutFilterAttribute.cs
deleted file mode 100644
index 4221817a17..0000000000
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoUserTimeoutFilterAttribute.cs
+++ /dev/null
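Review bot: In the new `UmbracoUserTimeoutFilter.OnActionExecuted` (src/Umbraco.Web.Common/Filters/UmbracoUserTimeoutFilterAttribute.cs), `Response.Headers.Add("X-Umb-User-Seconds", …)` throws if the header is already on the response, for example if the filter ends up applied twice, while the `Response is null` guard carried over from the Web API version is not expected to fire on ASP.NET Core, where an action failure is surfaced through `context.Exception` instead. Assigning through the indexer and skipping responses that have already started would be safer: `if (context.HttpContext.Response.HasStarted) return;` followed by `context.HttpContext.Response.Headers["X-Umb-User-Seconds"] = remainingSeconds.ToString(CultureInfo.InvariantCulture);`. The summary still says the header is added only when the request is authenticated and a ticket is present, but the new code writes it unconditionally; what `GetRemainingAuthSeconds()` returns for a principal without a ticket is defined outside this diff, so either add a `context.HttpContext.User.Identity?.IsAuthenticated` check or update the summary to match. The header is only an advisory countdown for the back-office client, so session expiry itself still has to be enforced by the server-side authentication pipeline.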
@@ -1,36 +0,0 @@
-using System;
-using System.Globalization;
-using System.Web.Http.Filters;
-using Umbraco.Core.Security;
-using Umbraco.Web.Security;
-
-namespace Umbraco.Web.WebApi.Filters
-{
- ///
- /// This will check if the request is authenticated and if there's an auth ticket present we will
- /// add a custom header to the response indicating how many seconds are remaining for the current
- /// user's session. This allows us to keep track of a user's session effectively in the back office.
- ///
- public sealed class UmbracoUserTimeoutFilterAttribute : ActionFilterAttribute
- {
- public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
- {
- base.OnActionExecuted(actionExecutedContext);
-
- //this can occur if an error has already occurred.
- if (actionExecutedContext.Response == null) return;
-
- var httpContextAttempt = actionExecutedContext.Request.TryGetHttpContext();
- if (httpContextAttempt.Success)
- {
-
- var ticket = httpContextAttempt.Result.GetUmbracoAuthTicket();
- if (ticket?.Properties.ExpiresUtc != null && ticket.Properties.ExpiresUtc.Value < DateTimeOffset.UtcNow)
- {
- var remainingSeconds = httpContextAttempt.Result.GetRemainingAuthSeconds();
- actionExecutedContext.Response.Headers.Add("X-Umb-User-Seconds", remainingSeconds.ToString(CultureInfo.InvariantCulture));
- }
- }
- }
- }
-}
diff --git a/src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs b/src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs
index 7858d6955a..2851d5e24f 100644
--- a/src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs
+++ b/src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs
@@ -21,7 +21,7 @@ namespace Umbraco.Web.WebApi
 /// before their timeout expires.
 ///
 [IsBackOffice]
- [UmbracoUserTimeoutFilter]
+ // [UmbracoUserTimeoutFilter] has been migrated to netcore
 [UmbracoAuthorize]
 [DisableBrowserCache]
 // [UmbracoWebApiRequireHttps]