My Symfony2 application displays a main page, and from there on it primarily uses AJAX requests to display content to the user via modals.
I've noticed that after the user is idle for some period of time (around 15-30 minutes) the session is destroyed, and the user is logged out and needs to log in again. This is incredibly frustrating, since I can't expect users to log in again every time they've been idle for a few minutes.
As far as I can tell, this problem should not be happening according to my config.yml file, which is as follows:
framework:
session:
cookie_lifetime: 0 # Session lifetime in seconds
gc_maxlifetime: 28800 # Seconds after which data will be seen
# as garbage and potentially cleaned up
handler_id: ~ # Current using the default session handler
For completeness, my current environment is as follows:
Symfony 2.4.8
PHP 5.4
Session handler: default (file-based according to php.ini)
Ubuntu Server 12.10
Summary:
What should be happening: users should not be logged out, even after being idle for hours
What is actually happening: users are being logged out after being idle for 15-30 minutes
How can I fix this?
The problem:
It turns out that on Debian / Ubuntu systems, there is a system cronjob which runs every 30 minutes, cleaning out all "old" sessions. Herein lies the problem.
The cronjob doesn't actually know what constitutes "old". The cronjob simply calls a PHP-CLI script located at /usr/lib/php5/maxlifetime which then removes all session files that exceed a certain age. Since the script is involved by PHP-CLI, and independently of Symfony2, it has no idea what values you specified for gc_maxlifetime and cookie_lifetime in your Symfony2 config file. Instead, if just defaults to using the session.cookie_lifetime and session.gc_maxlifetime values from the /etc/php5/cli/php.ini config file, which by default, is 24 minutes. So no matter what you specify in your Symfony2 config file, if you are idle for too long, your session will be removed.
The solution:
Either delete the cronjob file at /etc/cron.d/php5 or,
Store your sessions in a database where they can't be touched by the cronjob
I set remember me cookie set to default, and then in security.yml
security:
firewalls:
main:
form_login:
remember_me: true
remember_me:
key: mycookie
lifetime: 2592000 # 30 days
path: /
domain: ~
always_remember_me: true
My first answer seems not suitable for your issue. Maybe this one will help.
Do you clear Symfony cache between your requests ?
Extract of symfony documentation :
save_path
type: string default: %kernel.cache.dir%/sessions
This determines the argument to be passed to the save handler. If you
choose the default file handler, this is the path where the session
files are created. For more information, see Configuring the Directory
where Session Files are Saved.
You can also set this value to the save_path of your php.ini by setting the value to null.
By default, Symfony stores sessions in the cache directory that is emptied while clearing cache...
Extract of symfony documentation :
cookie_lifetime
type: integer default: null
This determines the lifetime of the session - in seconds. It will use
null by default, which means session.cookie_lifetime value from
php.ini will be used. Setting this value to 0 means the cookie is
valid for the length of the browser session.
So, 0 is not infinite session BUT browser session... You should define a big amoutn of seconds and test it.
Travis T, I went the simplest route of all. I said
nano /etc/cron.d/php5
This opened the file showing the tremendously long crontab code that purges your session by default every 30 mins. The script was preceded by a #, and all I did was uncomment both lines by removing the #. So:
# Look for and purge old sessions every 30 minutes
# 09, 39, * * * * root #[ -x /usr/lib/php5/maxlifetime ] && [ etc
it's a long file.....]
I just removed the 2 #'s in front of Look and 09. That's it !
Related
I need to increase the session time from 20 minutes to 2 hours on the Azure platform.
I searched for changing session timeout in web.config file of IIS configuration, but there are not any seesion configuration related to PHP or other languages, except ASP and IIS self, as the figure below.
So you don't worry about there are other options outside PHP which will impact PHP session timeout, just to change PHP configuration.
There are many ways to change session timeout in PHP.
Change session timeout in php.ini or via the related API.
Set session timeout in php.ini
session.cookie_lifetime = 7200 // 2*60*60 seconds
session.gc_maxlifetime = 7200
Or using ini_set function in PHP code.
ini_set('session.gc_maxlifetime', "7200");
ini_set("session.cookie_lifetime","7200");
To store the last time of the user request via set a timeout property in $_SESSION, and check how long ago with the next request, please refer to the existing SO thread PHP Session timeout.
<?php
// set the last time for each request as previous time
$_SESSION['timeout'] = time();
?>
<?php
// check the interval time with the previous request time in the current request
if ($_SESSION['timeout'] + 10 * 60 < time()) {
// session timed out
} else {
// session ok
}
?>
You can search in StackOverflow or Search Engine like Google or Bing to find other solutions, such as this SO thread How to change the session timeout in PHP? .
Adding to Peter's response.
Azure Load Balancer has a default idle timeout setting of approximately four minutes (230 sec. It is the maximum amount of time that a request can take without sending any data back to the response If your web app requires background processing you could leverage recommend using Azure WebJobs or Azure Functions is another option.
If sending data back to keep it alive is not feasible, the suggested approach is to move to an async pattern.
Additionally, by default, when your build process launches some command, it's allowed to run for up to 60 seconds without producing any output. If that is not long enough, you can make it longer, e.g. to make it 10 minutes:
SCM_COMMAND_IDLE_TIMEOUT=600
Refer the following documents for more details on this topic:
https://learn.microsoft.com/en-us/azure/app-service/faq-availability-performance-application-issues
https://social.msdn.microsoft.com/Forums/en-US/05f254a6-9b34-4eb2-a5f7-2a82fb40135f/time-out-after-230-seconds?forum=windowsazurewebsitespreview
Thanks for the attention #ajaykumar-msft and #peter-pan. I solved the problem of creating an applicationhost.xdt file and downloading the original .ini file from theloader configuration file directory in phpinfo I copied it to thesite folder I edited and changed from session.gc_maxlifetime = 1440 to session.gc_maxlifetime = 7200. Happy =)
my file applicationhost.xdt:
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<fastCgi>
<application>
<environmentVariables>
<environmentVariable name="PHPRC" xdt:Locator="Match(name)" value="d:\home\site\php7.2.10.ini" xdt:Transform="SetAttributes(value)" />
</environmentVariables>
</application>
</fastCgi>
</system.webServer>
</configuration>
I'm trying to set up the server to increase the lifetime session to 2 hours to be able to save surveys (Limesurvey) after some time of inactivity. If I try to save after 45 minutes it shows up an error message saying that the session has expired.
I have been reading a lot to find solutions but what I have found so far, didn't work. Probably because I'm missing something.
This is what I have:
Plesk 12.5.30
Limesurvey 2.06+ Build 150831
PHP 5.3.10
The settings in config-defaults.php (Limesurvey) have:
$config['iSessionExpirationTime'] = 7200;
2 hours which is ok, is what I want but does not work. So I thought that my server settings were overriding the Limesurvey settings. So I went to plesk > domains, selected my domain and clicked on PHP settings, scrolled down and added to the "additional instructions" these two lines:
session.cookie_lifetime = 7200
session.gc_maxlifetime = 7200
So now all my additional instructions looks like this:
max_input_vars = 5000
suhosin.memory_limit = 128
suhosin.post.max_value_length = 5000000
suhosin.post.max_vars = 5000
suhosin.request.max_value_length = 5000000
suhosin.request.max_vars = 5000
suhosin.simulation = 1
session.cookie_lifetime = 7200
session.gc_maxlifetime = 7200
But it didn't work anyways, I'm still having the same error when trying to save a survey when 45 minutes have elapsed.
Any help would be great.
Thanks a lot.
Check cron tasks:
cat /etc/cron.d/php5
# /etc/cron.d/php5: crontab fragment for php5
# This purges session files in session.save_path older than X,
# where X is defined in seconds as the largest value of
# session.gc_maxlifetime from all your SAPI php.ini files
# or 24 minutes if not defined. The script triggers only
# when session.save_handler=files.
#
# WARNING: The scripts tries hard to honour all relevant
# session PHP options, but if you do something unusual
# you have to disable this script and take care of your
# sessions yourself.
# Look for and purge old sessions every 30 minutes
09,39 * * * * root [ -x /usr/lib/php5/sessionclean ] && /usr/lib/php5/sessionclean
Usually the session directory is shared by all applications on the same webspace.
So if you have other applications (CMS) running they might set the session timeout shorter and so the LimeSurvey sessions get kicked, too.
I have a symfony2 project with a page to write the report of a meeting. It means the user can stay on this page and type for 2 hours without loading any new page. So when the user sends the form, his session has expired and he is sent to the login page. And he loses everything he typed.
I've already seen this post "symfony2 session lifetime" so here is my config.yml :
framework:
session:
handler_id: ~
cookie_lifetime: 86400
gc_maxlifetime: 108000
So a 24 hours cookie lifetime and a 30 hour garbage collector... Still, I tried staying 1 hour on the page and I am disconnected...
Any idea where to look at ? Thanks !
So, it looks like changing symfony's config.yml doesn't work. But after modifying the gc_maxlifetime to 108000 in my php.ini it works, I am not disconnected after some idle time.
I guess this might be linked to the handler_id: ~ (which is default), but I don't really know why... Anyway, works this way :)
Try these settings:
framework:
session:
cookie_lifetime: 60 #60 seconds
gc_maxlifetime: 50 #50 seconds - only needed for testing. Dont use this in a production environment
gc_probability: 1 #only needed for testing. Dont use this in a production environment
gc_divisor: 1 #only needed for testing. Dont use this in a production environment
You can see them over here: https://codedump.io/share/9eVPS5otSIuk
How to change the default session lifetime in Silex.
The default value is 30mn;
The doc http://silex.sensiolabs.org/doc/providers/session.html#usage is giving a clue but doesn't show an example how to do it.
When I set a session like this:
$app['session']->set('username', 'my username');
The session variable is set but it expires in 30mn.
Silex uses the Symfony Components. You can set the expiration using the migrate method for a certain session.
E.g.: $app['session']->migrate(false, 3600);
Docs
To set the expiration for all sessions:
$app['session.storage.options'] = [
'cookie_lifetime' => 3600
];
Source
Don't forget that you must have some coherence between lifetime settings in Silex and lifetime settings in your php.ini.
By default, PHP lifetime sessions are set to 1440 seconds. If you don't change this default value, the session garbage mecanism (run by /etc/cron.d/php5) will remove "old" sessions (i.e. sessions with 1440 seconds of inactivity).
Here is the explaination of /etc/cron.d/php5 :
# This purges session files in session.save_path older than X,
# where X is defined in seconds as the largest value of
# session.gc_maxlifetime from all your SAPI php.ini files
# or 24 minutes if not defined. The script triggers only
# when session.save_handler=files.
#
# WARNING: The scripts tries hard to honour all relevant
# session PHP options, but if you do something unusual
# you have to disable this script and take care of your
# sessions yourself.
I have tried multiple way to extend this, so as to not have to log in every 1440 seconds on a development server. Yet the problem still persists.
Could anybody advise on the "correct" way to achieve this? I want to set to cookie session timeout to 3600 (1 hour) instead of the default 1440.
I have tried:
Set: 'session.gc_maxlifetime' within my php.ini file
Gone onto phpmyadmin under Settings => Features => General => Login cookie validity and set this to be the timing I want.
Gone into config.ini.php in the phpmyadmin files and set: '$cfg['LoginCookieValidity']' to the required time.
Each attempt I have made sure to restart apache so as to load the new configuration. However the problem still persists.
Any help/advise will be much appreciated.
You have to edit phpmyadmin's configuration file (config.inc.php) and set the variable $cfg['LoginCookieValidity'] = 3600, I've put it at the end of the file.
Next, you have to increase the php session timeout if it is lower than 3600 seconds, to do that you have to set session.gc_maxlifetime in the php.ini file.
After that you have to restart apache.
I have done it so and it works on Ubuntu 14.04.
First you need to verified that is ini_set allowed on your system or not?
To find out what the default (file-based-sessions) session timeout value on the server is you can view it through a ini_get command:
$currentTimeoutInSecs = ini_get(’session.gc_maxlifetime’);
// php.ini setting required for session timeout.
ini_set(’session.gc_maxlifetime’, 3600);
ini_set(‘session.gc_probability’,1);
ini_set(‘session.gc_divisor’,1);
session_set_cookie_params(3600);
session_start(); // ready to go!
if you want to change the session.cookie_lifetime.
This required in some common file because to get the session values in whole application we need to write session_start(); to each file then only will get $_SESSION global variable values.
$sessionCookieExpireTime=8*60*60;
session_set_cookie_params($sessionCookieExpireTime);
session_start();