Menu
We moved our application to a new server and now the session is expiring too soon (not sure about exact hours) for the logged in users. We tried many things to find out why the session is expiring in a production environment but until now we are unsuccessful. We want to put the expiration for 20 days.
Stuff we tried:
This is the current configuration:
'Session' => [
'defaults' => 'php',
'cookie' => 'MYAPPHO',
'timeout'=> 80320, // in min
'ini' => [
'session.gc_maxlifetime' => 1728000, // in sec
'session.cookie_lifetime' => 1728000
]
]
We also tried to set the
'defaults' => 'cache'
and to set the values in .htaccess
php_value session.cookie_lifetime 1728000
php_value session.gc_maxlifetime 1728000
php_value session.cache_expire 1728000
but the behavior is the same.
We also made some debugging in the Network\Session::_timedOut() but is ok, is never expiring for that reason.
Is there any way to debug more and find out what is causing the session to expire?
611
Hackers would be delighted to have sessions never expire, because then any stolen session ID would become a permanent key to unlock your web application.
More details on why what you've tried with session.gc_maxlifetime and session.cookie_lifetime didn't work can be found here.
Anyways, you can do it by setting the value of session.gc_probability to 0 before starting the session.
133
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
