How to set session timeout in Laravel?

Question

Is there an inherent way to setup sessions to expire after a certain time. My current setup seems to be expiring after 30 minutes and I would like to disable that or at least increase it, but I can't find any places in Laravel where this could be set?

Answer 1

In app/config/session.php you have:

lifetime

option that allow you to set session expire time in minutes (not in seconds)

'lifetime' => 60, 

means that session will expire after an hour.

There is also one more setting here:

'expire_on_close' => true, 

that decides if session will be expired when browser will be closed.

Other settings you could get interested is also php.ini values of:

session.cookie_lifetime = 0 

and

session.gc_maxlifetime = 1440 

Those are default values.

The first one means how long session cookie will be stored - default value is 0 (until browse is closed). The second option means after how many of seconds PHP may destroy this session data.

I said may because there is one other option session.gc_probability in php.ini file that decides what's the chance of running garbage collector. Be default there is only 1% chance that after 1440 seconds (24 minutes) this session data will be destroyed.

Answer 2

Check your php.ini, it has a value for session.gc_maxlifetime (and also session.cookie_lifetime) that sets a limit on how long PHP will allow sessions to last. When Laravel sets the options, it passes cookie_lifetime as the value set in app/config/session.php.

However, sessions are not expired immediately after the max lifetime is reached. What happens is after that amount of time has passed the session is then available to be removed by the garbage collector.

To solve the issue

One workaround is to check your php.ini file. You may have this variable defined: session.gc_maxlifetime. By default it is set to 1440. Just comment or delete it.

From this time on you session may work properly using your session.php config values.