phpMyAdmin - cannot change session expiration time

Question

I know this question has been asked many times on SO website. However, I have read this, this, this, this, this and this, and more. None of them worked. I have also tried to change the session files location and other things I don't remember now.

My setup:

one: the config.inc.php file:

<?php
$cfg['LoginCookieValidity'] = 3600 * 24; // http://docs.phpmyadmin.net/en/latest/config.html#cfg_LoginCookieValidity

this shows up in phpMyAdmin settings:

two: .htaccess file:

php_value session.gc_maxlifetime 86400

three: phpinfo.php file from phpMyAdmin root shows:

four: the server (uname -a):

Linux ubuntu-13 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Is there any other way I can increase the phpMyAdmin session timeout?

Answer 1

Ubuntu will by default disable the PHP session garbage collector (by setting the master value of session.gc_probability to 0), and in stead use a cronjob to delete session files after they reach a certain age. The age is determined by the master value of session.gc_maxlifetime.

This means that regardless of your local 86400 seconds value (which has no effect because of the disabled session garbage collection) the cronjob will delete sessions files after 1440 seconds.

So you have 2 options:

1. Disable the cronjob (probably /etc/cron.d/php5) and enable the PHP session garbage collector, by setting session.gc_probability to 1 (in all /etc/php5/*/php.ini files).

2. Set the correct master value for session.gc_maxlifetime. Yours is 1440 seconds. Alter it (in all /etc/php5/*/php.ini files) to the greatest local value any virtual host / php application on the server uses (so at least 86400 seconds).

Answer 2

PhpMyAdmin should be working fine with your configurations, you may have messed with something while you were originally trying to get it to work. since you can't reinstall phpmyadmin or do upgrades on the server. there are other solutions to this problem.

Hacking the core

I don't think that this is a good idea but if you really want to get rid of this you can disable the feature by modifying AuthenticationCookie.class.php in libraries/plugins/auth/

go this line

    if ($_SESSION['last_access_time'] < $last_access_time
    ) {
        PMA_Util::cacheUnset('is_create_db_priv', null);
        PMA_Util::cacheUnset('is_process_priv', null);
        PMA_Util::cacheUnset('is_reload_priv', null);
        PMA_Util::cacheUnset('db_to_create', null);
        PMA_Util::cacheUnset('dbs_where_create_table_allowed', null);
        $GLOBALS['no_activity'] = true;
        $this->authFails();
        if (! defined('TESTSUITE')) {
            exit;
        } else {
            return false;
        }
    }

and edit it to

    if (false
    ) {
        PMA_Util::cacheUnset('is_create_db_priv', null);
        PMA_Util::cacheUnset('is_process_priv', null);
        PMA_Util::cacheUnset('is_reload_priv', null);
        PMA_Util::cacheUnset('db_to_create', null);
        PMA_Util::cacheUnset('dbs_where_create_table_allowed', null);
        $GLOBALS['no_activity'] = true;
        $this->authFails();
        if (! defined('TESTSUITE')) {
            exit;
        } else {
            return false;
        }
    }

By doing this the feature will be disabled and there is not timeout anymore. You can always click on logout when you complete your work with phpmyadmin.

Or Use a browser add-on

• Firefox Phpmyadmin Timeout Preveneter