Session timeout on login. Unexpected behavior.

Question

Session timeout on login. Unexpected behavior.

Opened this issue 10 years ago · 5 comments

I plan to fix it by myself, so i interested in your requests.

Session timeout don't working as expected.
When you do this:
setcookie(session_name(), session_id(), time() + $timeout);
you change lifetime of cookie in browser, but not change lifetime of session files on server.
And when time come - session files become deleted and session become ended regardless of cookie lifetime.

I think, that adding session lifetime in config is a good idea.
It will be same for all users.
It is possible set personal settings of session lifetime for each user in config, but i don't think that it is needful.

Another setting i want to add is session files store path.
Here explanation of problem that could be fixed by this setting (see note one).
http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

Answer 1 · 2016-08-06T18:03:05.000Z

Hi,
Is there any update on this issue?

Answer 2 · 2016-08-07T20:34:03.000Z

Hi, you can get my pull-request #102, that fixing it.

Answer 3 · 2016-08-18T15:48:42.000Z

Cool, thank you.

Answer 4 · 2017-08-22T01:37:08.000Z

Vote on this issue please #133

Answer 5 · 2020-12-01T04:19:38.000Z

change session_start at the top of app/classes/BaseController.php

session_start([ 'cookie_lifetime' => 172800 ]);

172800 is two-days