
Symfony2 sessions not working as expected / session keeps timing out

My Symfony2 application displays a main page, and from there on it primarily uses AJAX requests to display content to the user via modals.

I've noticed that after the user is idle for some period of time (around 15-30 minutes) the session is destroyed, and the user is logged out and needs to log in again. This is incredibly frustrating, since I can't expect users to log in again every time they've been idle for a few minutes.

As far as I can tell, this problem should not be happening according to my config.yml file, which is as follows:

framework:
    session:
        cookie_lifetime: 0      # Session lifetime in seconds
        gc_maxlifetime: 28800   # Seconds after which data will be seen
                                # as garbage and potentially cleaned up
        handler_id:  ~          # Currently using the default session handler


For completeness, my current environment is as follows:

  • Symfony 2.4.8
  • PHP 5.4
  • Session handler: default (file-based according to php.ini)
  • Ubuntu Server 12.10


Summary:

  • What should be happening: users should not be logged out, even after being idle for hours
  • What is actually happening: users are being logged out after being idle for 15-30 minutes


How can I fix this?

Richard Keller asked Aug 20 '14 10:08




2 Answers

I set the remember-me cookie to default, and then in security.yml:

security:
    firewalls:
        main:
            form_login:
                remember_me: true
            remember_me:
                key: mycookie
                lifetime: 2592000 # 30 days
                path: /
                domain: ~
                always_remember_me: true

poh answered Oct 13 '22 11:10


The problem:

It turns out that on Debian / Ubuntu systems, there is a system cronjob which runs every 30 minutes, cleaning out all "old" sessions. Herein lies the problem.

The cronjob doesn't actually know what constitutes "old". The cronjob simply calls a PHP-CLI script located at /usr/lib/php5/maxlifetime which then removes all session files that exceed a certain age. Since the script is invoked by PHP-CLI, and independently of Symfony2, it has no idea what values you specified for gc_maxlifetime and cookie_lifetime in your Symfony2 config file. Instead, it just defaults to using the session.cookie_lifetime and session.gc_maxlifetime values from the /etc/php5/cli/php.ini config file, which, by default, is 24 minutes. So no matter what you specify in your Symfony2 config file, if you are idle for too long, your session will be removed.


The solution:

  • Either delete the cronjob file at /etc/cron.d/php5 or,
  • Store your sessions in a database where they can't be touched by the cronjob

Richard Keller answered Oct 13 '22 11:10
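
A way to check for the mismatch described in the answer above, as an added example that is not part of the original posts: it reads session.gc_maxlifetime from each php.ini and flags any file whose value is below the lifetime the application expects (28800 in the question's config.yml). The function names and the /etc/php5/apache2/php.ini path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: find php.ini files whose session.gc_maxlifetime is lower
# than the session lifetime the application was configured for.

# Print the effective session.gc_maxlifetime set in a php.ini file.
# Lines starting with ';' are comments; the last assignment wins.
# Prints 1440 (PHP's built-in default, 24 minutes) if the key is not set.
ini_gc_maxlifetime() {
    awk -F= '
        /^[ \t]*;/ { next }
        $1 ~ /^[ \t]*session\.gc_maxlifetime[ \t]*$/ {
            v = $2
            sub(/;.*/, "", v)        # strip a trailing comment
            gsub(/[ \t"]/, "", v)    # strip whitespace and quotes
            if (v ~ /^[0-9]+$/) val = v
        }
        END { print (val == "" ? 1440 : val) }
    ' "$1"
}

# check_session_gc EXPECTED FILE...
# Prints one line per file whose value is below EXPECTED.
# Returns 1 if any such file was found, 0 otherwise.
check_session_gc() {
    expected=$1; shift
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(ini_gc_maxlifetime "$f")
        if [ "$v" -lt "$expected" ]; then
            echo "MISMATCH $f: session.gc_maxlifetime=$v < $expected"
            rc=1
        fi
    done
    return $rc
}

# Usage on a system like the one in the answer (the apache2 path is an
# assumption, the cli path is the one the answer names):
# check_session_gc 28800 /etc/php5/cli/php.ini /etc/php5/apache2/php.ini
```

A MISMATCH line for the CLI php.ini means the cron-driven cleanup will purge session files earlier than the application's own gc_maxlifetime.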