According to Laravel config/session.php
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 120,
'expire_on_close' => true,
'expired-session-redirect' => url(env('APP_URL'))
I have set the lifetime of my session to 120 minutes, but I have a feeling that my user is log-out way before 120 minutes.
Is that a typo ? Do they mean 120 seconds which is 2 mins ?
Can anyone please shed some lights on this ?
Check your php.ini for:
session.gc_maxlifetime - Default 1440 secs - 24 mins
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor).
session.cookie_lifetime - Default 0
>session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0. See also session_get_cookie_params() and session_set_cookie_params().
In case it is less time than the Laravel configuration, the cookie will be removed because the local php.ini have preference over Laravel configuration.
You can just increase it or comment/delete.
In case is not solved something on your App is destroying the session.
UPDATE
After release v5.5.22 session lifetime is loaded from .env and is not hardcoded anymore at config/session.php, changes there.
Now you can modify the session lifetime using:
SESSION_LIFETIME=90 //minutes
In your .env file.
Change .env file in your app root
SESSION_LIFETIME=120
And value is in minutes.
I found lifetime settings on this place in one project...
bootstrap/cache/config.php
so I need to run first
php artisan config:clear
Please modify true to false for Expire on close as:
'expire_on_close' => false,
Related
After being inactive for some time in my php application I get kicked out (around 20 minutes).
I am suspecting that it could be a variable in php.ini conf file which is killing the sessions or removing the sessions but I'm not 100% sure if this is something that it has to do with that, at least I can try.
The question is what is the variable responsible for the live of the session?
Thanks
php.ini -> session.gc_maxlifetime
The default is 1440 seconds (24 mins)
See this:
PHP : What is the default lifetime of a session
How to change the default session lifetime in Silex.
The default value is 30mn;
The doc http://silex.sensiolabs.org/doc/providers/session.html#usage is giving a clue but doesn't show an example how to do it.
When I set a session like this:
$app['session']->set('username', 'my username');
The session variable is set but it expires in 30mn.
Silex uses the Symfony Components. You can set the expiration using the migrate method for a certain session.
E.g.: $app['session']->migrate(false, 3600);
Docs
To set the expiration for all sessions:
$app['session.storage.options'] = [
'cookie_lifetime' => 3600
];
Source
Don't forget that you must have some coherence between lifetime settings in Silex and lifetime settings in your php.ini.
By default, PHP lifetime sessions are set to 1440 seconds. If you don't change this default value, the session garbage mecanism (run by /etc/cron.d/php5) will remove "old" sessions (i.e. sessions with 1440 seconds of inactivity).
Here is the explaination of /etc/cron.d/php5 :
# This purges session files in session.save_path older than X,
# where X is defined in seconds as the largest value of
# session.gc_maxlifetime from all your SAPI php.ini files
# or 24 minutes if not defined. The script triggers only
# when session.save_handler=files.
#
# WARNING: The scripts tries hard to honour all relevant
# session PHP options, but if you do something unusual
# you have to disable this script and take care of your
# sessions yourself.
My Symfony2 application displays a main page, and from there on it primarily uses AJAX requests to display content to the user via modals.
I've noticed that after the user is idle for some period of time (around 15-30 minutes) the session is destroyed, and the user is logged out and needs to log in again. This is incredibly frustrating, since I can't expect users to log in again every time they've been idle for a few minutes.
As far as I can tell, this problem should not be happening according to my config.yml file, which is as follows:
framework:
session:
cookie_lifetime: 0 # Session lifetime in seconds
gc_maxlifetime: 28800 # Seconds after which data will be seen
# as garbage and potentially cleaned up
handler_id: ~ # Current using the default session handler
For completeness, my current environment is as follows:
Symfony 2.4.8
PHP 5.4
Session handler: default (file-based according to php.ini)
Ubuntu Server 12.10
Summary:
What should be happening: users should not be logged out, even after being idle for hours
What is actually happening: users are being logged out after being idle for 15-30 minutes
How can I fix this?
The problem:
It turns out that on Debian / Ubuntu systems, there is a system cronjob which runs every 30 minutes, cleaning out all "old" sessions. Herein lies the problem.
The cronjob doesn't actually know what constitutes "old". The cronjob simply calls a PHP-CLI script located at /usr/lib/php5/maxlifetime which then removes all session files that exceed a certain age. Since the script is involved by PHP-CLI, and independently of Symfony2, it has no idea what values you specified for gc_maxlifetime and cookie_lifetime in your Symfony2 config file. Instead, if just defaults to using the session.cookie_lifetime and session.gc_maxlifetime values from the /etc/php5/cli/php.ini config file, which by default, is 24 minutes. So no matter what you specify in your Symfony2 config file, if you are idle for too long, your session will be removed.
The solution:
Either delete the cronjob file at /etc/cron.d/php5 or,
Store your sessions in a database where they can't be touched by the cronjob
I set remember me cookie set to default, and then in security.yml
security:
firewalls:
main:
form_login:
remember_me: true
remember_me:
key: mycookie
lifetime: 2592000 # 30 days
path: /
domain: ~
always_remember_me: true
My first answer seems not suitable for your issue. Maybe this one will help.
Do you clear Symfony cache between your requests ?
Extract of symfony documentation :
save_path
type: string default: %kernel.cache.dir%/sessions
This determines the argument to be passed to the save handler. If you
choose the default file handler, this is the path where the session
files are created. For more information, see Configuring the Directory
where Session Files are Saved.
You can also set this value to the save_path of your php.ini by setting the value to null.
By default, Symfony stores sessions in the cache directory that is emptied while clearing cache...
Extract of symfony documentation :
cookie_lifetime
type: integer default: null
This determines the lifetime of the session - in seconds. It will use
null by default, which means session.cookie_lifetime value from
php.ini will be used. Setting this value to 0 means the cookie is
valid for the length of the browser session.
So, 0 is not infinite session BUT browser session... You should define a big amoutn of seconds and test it.
Travis T, I went the simplest route of all. I said
nano /etc/cron.d/php5
This opened the file showing the tremendously long crontab code that purges your session by default every 30 mins. The script was preceded by a #, and all I did was uncomment both lines by removing the #. So:
# Look for and purge old sessions every 30 minutes
# 09, 39, * * * * root #[ -x /usr/lib/php5/maxlifetime ] && [ etc
it's a long file.....]
I just removed the 2 #'s in front of Look and 09. That's it !
I have added the following lines in my htaccess file :
php_value session.cookie_lifetime 14400
php_value session.gc_maxlifetime 14400
Also have added a php.ini file in the root directory with the following code :
session.gc_maxlifetime = 14400
session.cookie_lifetime = 14400
Also inside the php code have added the following lines :
ini_set('session.cookie_lifetime',14400);
ini_set('session.gc_maxlifetime',14400);
setcookie("_lid", $lid, time() + 14400);
So basically the session should work for 4 hours. But it is getting timed out in about 24 mins or so which is the default timeout time in php.
I may be missing something. Would be great if someone can provide some inputs.
Thanks
I was having the exact same problem - the session.gc_maxlifetime & session.cookie_lifetime values were set but appeared to not be honoured... Then, I found a comment on an old thread which clearly needs a lot more recognition:
How do I expire a PHP session after 30 minutes?
Please note that at least two settings are crucial to setting the
session time, and maybe three. The two certainly crucial ones are
session.gc_maxlifetime and session.cookie_lifetime (where 0 is not the
same as some long number). For complete, 100% certainty of allowing
long times, it may also be necessary to set the session.save_path, due
to varying OS-controled cleanup time on the /tmp directory where
session files get stored by default. – #Kzqai Apr 7 '11 at 8:04
I already altered my php.ini in Apache to have these settings:
session.gc_maxlifetime = 1440
session.cache_expire = 1500
But my sessions are not that long. The problem is that I am not certain which settings would "do the trick"
Ideally I am looking for the right configuration to have the session last 12 hours. Could anyone help me with that?
do you also have set session.cookie_lifetime = 0 ?
and maybe somewhere in your scripts or some included scripts the session lifetime is set to another value?
The default "0" value means that the cookie stays alive until the browser is closed. This is also the default value, if not set in php.ini.
Source: http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
session.gc_maxlifetime is measured in seconds, so your setting of 1440 will expire after 24 minutes. (see: http://php.net/session.gc-maxlifetime)
For 12 hour session I believe you need:
session.gc_maxlifetime = 43200
session.cache_expire = 720
session.cookie_lifetime = 0
Have a look at:
session.cookie_lifetime x
Where x is the lifetime in seconds
Also, if you are on a shared host, make sure the session data under /tmp is not removed by the host with some sort of clean script. Some hosts clear /tmp every 10 minutes.