Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Laravel 5.1 sessions expiring randomly

I have a L5.1 app and am experiencing issues with sessions expiring randomly. It is happening on my local environment and the live environment so it doesn't look like it is a server issue. Locally I am using XAMPP with PHP 5.5.11. On the live site is on a dedicated server running Centos 6 with PHP 5.6.13.

The issue happens if I just browse around the site eventually after about 20-30 page requests the sessions drops and so the user is logged out. I am using the database driver and here is my session config:

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "array"
    |
    */

    'driver' => 'database',

    /*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */

    'lifetime' => 120,

    'expire_on_close' => false,

    /*
    |--------------------------------------------------------------------------
    | Session Encryption
    |--------------------------------------------------------------------------
    |
    | This option allows you to easily specify that all of your session data
    | should be encrypted before it is stored. All encryption will be run
    | automatically by Laravel and you can use the Session like normal.
    |
    */

    'encrypt' => false,

    /*
    |--------------------------------------------------------------------------
    | Session File Location
    |--------------------------------------------------------------------------
    |
    | When using the native session driver, we need a location where session
    | files may be stored. A default has been set for you but a different
    | location may be specified. This is only needed for file sessions.
    |
    */

    'files' => storage_path('framework/sessions'),

    /*
    |--------------------------------------------------------------------------
    | Session Database Connection
    |--------------------------------------------------------------------------
    |
    | When using the "database" or "redis" session drivers, you may specify a
    | connection that should be used to manage these sessions. This should
    | correspond to a connection in your database configuration options.
    |
    */

    'connection' => null,

    /*
    |--------------------------------------------------------------------------
    | Session Database Table
    |--------------------------------------------------------------------------
    |
    | When using the "database" session driver, you may specify the table we
    | should use to manage the sessions. Of course, a sensible default is
    | provided for you; however, you are free to change this as needed.
    |
    */

    'table' => 'sessions',

    /*
    |--------------------------------------------------------------------------
    | Session Sweeping Lottery
    |--------------------------------------------------------------------------
    |
    | Some session drivers must manually sweep their storage location to get
    | rid of old sessions from storage. Here are the chances that it will
    | happen on a given request. By default, the odds are 2 out of 100.
    |
    */

    'lottery' => [2, 100],

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Name
    |--------------------------------------------------------------------------
    |
    | Here you may change the name of the cookie used to identify a session
    | instance by ID. The name specified here will get used every time a
    | new session cookie is created by the framework for every driver.
    |
    */

    'cookie' => 'laravel_session',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Path
    |--------------------------------------------------------------------------
    |
    | The session cookie path determines the path for which the cookie will
    | be regarded as available. Typically, this will be the root path of
    | your application but you are free to change this when necessary.
    |
    */

    'path' => '/',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */

    'domain' => null,

    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you if it can not be done securely.
    |
    */

    'secure' => false,

];

Since I'm not manually clearing the session anywhere I'm fairly confident that nothing I am doing could be causing it. Are there any known bugs that could cause this behaviour?

like image 874
geoffs3310 Avatar asked Oct 19 '15 11:10

geoffs3310


People also ask

Why session gets expired?

If your Internet connection is unstable, periodically disconnecting and reconnecting, it can cause a website session to expire. When the Internet connection is lost the website connection can be terminated, resulting in a session expired message if you try to access any page after the Internet reconnects.

How does Laravel session expire?

There is also one more setting here: 'expire_on_close' => true, that decides if session will be expired when browser will be closed.

How remove session expired in Laravel?

You can increase the session lifetime in config\session. php . By default it might be set to 120. Increase it to thousands to prevent session timeout.

How do I increase my session lifetime in Laravel?

If you want to increase your session life time then we need to change in . env file and it is very easy to change it from configuration file in laravel. laravel provides you session. php file there is we can see 'lifetime' key option for setting time in minutes.


2 Answers

If you're using the database driver then sometimes you can run into problems with the payload field being too short. By default the payload field is a text field, which allows 64KB of data.

That may seem a lot, but as the payload is stored as a serialized array, which is basically a really long string, and is then base64 encoded, it can easily hit its max length which will effectively corrupt the session for that user.

I'd suggest changing the data type to MEDIUMTEXT (16MB max) or re-think how much data you're saving to the session in the first place.

like image 114
Mike Avatar answered Oct 06 '22 00:10

Mike


Please check your session sweeping lottery further down in same file config/session.php

/*
|--------------------------------------------------------------------------
| Session Sweeping Lottery
|--------------------------------------------------------------------------
|
| Some session drivers must manually sweep their storage location to get
| rid of old sessions from storage. Here are the chances that it will
| happen on a given request. By default, the odds are 2 out of 100.
|
*/

'lottery' => [2, 100],
like image 44
Gravy Avatar answered Oct 05 '22 22:10

Gravy