Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php	(revision 23549)
+++ wp-includes/functions.php	(working copy)
@@ -3895,39 +3895,13 @@
  */
 function wp_auth_check_load() {
 	wp_enqueue_script( 'heartbeat' );
+	wp_localize_script( 'heartbeat', 'wpAuthCheck', array( 'check' => ( is_admin() || is_user_logged_in() ) ) );
+
 	add_filter( 'heartbeat_received', 'wp_auth_check', 10, 2 );
 	add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 );
-
-	if ( is_admin() )
-		add_action( 'admin_print_footer_scripts', 'wp_auth_check_js' );
-	elseif ( is_user_logged_in() )
-		add_action( 'wp_print_footer_scripts', 'wp_auth_check_js' );
 }
 
 /**
- * Output the JS that shows the wp-login iframe when the user is no longer logged in
- */ 
-function wp_auth_check_js() {
-	?>
-	<script type="text/javascript">
-	(function($){
-	$( document ).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {
-		var wrap = $('#wp-auth-check-notice-wrap');
-
-		if ( data['wp-auth-check-html'] && ! wrap.length ) {
-			$('body').append( data['wp-auth-check-html'] );
-		} else if ( !data['wp-auth-check-html'] && wrap.length && ! wrap.data('logged-in') ) {
-			wrap.remove();
-		}
-	}).on( 'heartbeat-send.wp-auth-check', function( e, data ) {
-		data['wp-auth-check'] = 1;
-	});
-	}(jQuery));
-	</script>
-	<?php
-}
-
-/**
  * Check whether a user is still logged in, and act accordingly if not.
  *
  * @since 3.6.0
@@ -3937,7 +3911,7 @@
 		return $response;
 
 	// If the user is logged in and we are outside the login grace period, bail.
-	if ( is_user_logged_in() && empty( $GLOBALS['login_grace_period'] ) )
+	if ( is_user_logged_in() && wp_validate_auth_cookie( '', 'logged_in' ) && empty( $GLOBALS['login_grace_period'] ) )
 		return $response;
 
 	return array_merge( $response, array(
@@ -3947,12 +3921,12 @@
 	position: fixed;
 	height: 90%;
 	left: 50%;
-	max-height: 415px;
+	max-height: 425px;
 	overflow: auto;
 	top: 35px;
-	width: 300px;
+	width: 330px;
 	margin: 0 0 0 -160px;
-	padding: 12px 20px;
+	padding: 12px;
 	border: 1px solid #ddd;
 	background-color: #fbfbfb;
 	-webkit-border-radius: 3px;
@@ -3966,6 +3940,10 @@
 #wp-auth-check-form iframe {
 	height: 100%;
 	overflow: hidden;
+	border: 0;
+	width: 320px;
+	display: block;
+	margin: auto;
 }
 #wp-auth-check a.wp-auth-check-close {
 	position: absolute;
@@ -3976,10 +3954,19 @@
 	background: url("' . includes_url('images/uploader-icons.png') . '") no-repeat scroll -95px center transparent;
 }
 #wp-auth-check h3 {
-	margin: 0 0 12px;
+	margin: 0 auto 12px;
 	padding: 0;
-	font-size: 1.25em;
+	font-size: 16px;
+	font-family: sans-serif;
+	width: 320px;
 }
+#wp-auth-check .offscreen-text {
+	position: absolute;
+	left: -1000em;
+	height: 1px;
+	width: 1px;
+	overflow: hidden;
+}
 @media print,
   (-o-min-device-pixel-ratio: 5/4),
   (-webkit-min-device-pixel-ratio: 1.25),
@@ -3992,7 +3979,7 @@
 </style>
 <div id="wp-auth-check" tabindex="0">
 <h3>' .  __('Session expired') . '</h3>
-<a href="#" class="wp-auth-check-close"><span class="screen-reader-text">' . __('close') . '</span></a>
+<a href="#" class="wp-auth-check-close"><span class="offscreen-text">' . __('close') . '</span></a>
 <div id="wp-auth-check-form">
 	<iframe src="' . esc_url( add_query_arg( array( 'interim-login' => 1 ), wp_login_url() ) ) . '" frameborder="0"></iframe>
 </div>
@@ -4008,8 +3995,8 @@
 	var height;
 	try { height = $(this.contentWindow.document).find("#login").height(); } catch(er){}
 	if ( height ) {
-		$("#wp-auth-check").css("max-height", height + 40 + "px");
-		$(this).css("height", height + 5 + "px");
+		$("#wp-auth-check").css("max-height", height + 50 + "px");
+		$(this).css("height", height + 15 + "px");
 		if ( height < 200 ) {
 			wrap.data("logged-in", true);
 			setTimeout( function(){ wrap.fadeOut(200, function(){ wrap.remove(); }); }, 5000 );
Index: wp-includes/js/heartbeat.js
===================================================================
--- wp-includes/js/heartbeat.js	(revision 23549)
+++ wp-includes/js/heartbeat.js	(working copy)
@@ -410,3 +410,18 @@
 	wp.heartbeat = new Heartbeat();
 
 }(jQuery));
+
+(function($){
+	$( document ).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {
+		var wrap = $('#wp-auth-check-notice-wrap');
+
+		if ( data['wp-auth-check-html'] && ! wrap.length ) {
+			$('body').append( data['wp-auth-check-html'] );
+		} else if ( !data['wp-auth-check-html'] && wrap.length && ! wrap.data('logged-in') ) {
+			wrap.remove();
+		}
+	}).on( 'heartbeat-send.wp-auth-check', function( e, data ) {
+		if ( window.wpAuthCheck && window.wpAuthCheck.check )
+			data['wp-auth-check'] = 1;
+	});
+}(jQuery));