You'd need a session-aware script to do any kind of time-out. This is explained by the fact that HTTP is a stateless protocol: Once the server sends the 401-Auth Required response, the current HTTP transaction is over, and the server isn't 'waiting' for anything -- It is finished with the HTTP transaction, and won't have the slightest 'memory' or 'awareness' that an authentication/authorization challenge was issued to the client.
If the user enters a username/password, then his/her browser will issue a new HTTP request to your server, with the username/password sent in the HTTP request headers. The server will then respond to this new HTTP transaction by checking the username/password, and if it's correct, serve the requested page. Then that transaction will be over, and again, the server will have no memory of it.
The only 'memory' or 'session awareness' in Basic auth is that the browser sends the username/password with every request to the specified authentication domain on your server until the browser is closed. It is only the client browser that 'remembers' that it is 'logged in.'
Jim
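As an added example (not part of the original post), here is a sketch of the "session-aware script" the reply refers to: each request is checked on its own from the Authorization header, and the only way to get an idle time-out is for the script to keep its own per-user timestamp. The names `USERS`, `IDLE_LIMIT`, `last_seen`, `handle` and the realm string are assumptions made for illustration.

```python
import base64
import hmac
import time

USERS = {"alice": "s3cret-example"}   # constructed sample credentials
IDLE_LIMIT = 300                      # seconds of inactivity allowed (assumed value)
last_seen = {}                        # server-side state that HTTP itself does not provide
CHALLENGE = (401, {"WWW-Authenticate": 'Basic realm="example"'})

def basic_header(user, password):
    """Build the header value a browser sends with every request to the realm."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def parse_basic(value):
    """Return (user, password), or None if the header is missing or malformed."""
    if not value or not value.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(value[6:], validate=True).decode("utf-8")
    except ValueError:                # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle(headers, now=None):
    """Process one request; nothing from earlier requests is known except last_seen."""
    now = time.time() if now is None else now
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return CHALLENGE              # transaction over; the server is not "waiting"
    user, password = creds
    expected = USERS.get(user, "")
    if not (hmac.compare_digest(password.encode(), expected.encode()) and user in USERS):
        return CHALLENGE
    seen = last_seen.get(user)
    if seen is not None and now - seen > IDLE_LIMIT:
        # Idle too long: answer 401 so the browser discards its cached
        # credentials and prompts again. The server cannot tell re-typed
        # credentials from cached ones, so the next valid request is accepted.
        del last_seen[user]
        return CHALLENGE
    last_seen[user] = now
    return (200, {})
```

Without the `last_seen` table, `handle` would return 200 for valid credentials no matter how much time had passed, which is the plain Basic auth behaviour described above.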