How to set session timeout in Laravel?
Check your php.ini, it has a value for session.gc_maxlifetime (and also session.cookie_lifetime) that sets a limit on how long PHP will allow sessions to last. When Laravel sets the options, it passes cookie_lifetime
as the value set in app/config/session.php
.
However, sessions are not expired immediately after the max lifetime is reached. What happens is after that amount of time has passed the session is then available to be removed by the garbage collector.
To solve the issue
One workaround is to check your php.ini
file. You may have this variable defined: session.gc_maxlifetime
. By default it is set to 1440. Just comment or delete it.
From this time on you session may work properly using your session.php config values.
Native PHP session support was dropped starting in Laravel 4.1
To configure session lifetime edit app/config/session.php
and set the following:
/* if this is set to 'native' it will use file.
if this is set to 'array' sessions will not persist across requests
effectively expiring them immediately.
*/
'driver' => 'file'
/* number of minutes after which the session is available for Laravel's
built in garbage collection.
Prior to 4.1 you could set this to zero to expire sessions when
the browser closes. See the next option below.
*/
'lifetime' => 60
/* If true sessions will expire when the user closes the browser.
This effectively ignores your lifetime setting above.
Set to false if you want Laravel to respect the lifetime value.
If your config file was written before 4.1 you need to add this.
*/
'expire_on_close' => false,
References:
- Discussion of why native PHP sessions were dropped. (because it automatically adds cookie information to headers which requires a lot of work for frameworks to get around if they want to completely wrap the request/response)
- Other Laravel session drivers
- Addition of expire_on_close config option discussed in Laravel 4.0 to 4.1 upgrade guide
Run artisan changes 4.1.*
at the command line to see the note about the native
session driver being equivalent to file
$ artisan changes 4.1.* | grep -i native
-> Native session driver has been replaced by 'file'. Specifying 'native' driver will just use the new file driver.
In app/config/session.php
you have:
lifetime
option that allow you to set session expire time in minutes (not in seconds)
'lifetime' => 60,
means that session will expire after an hour.
There is also one more setting here:
'expire_on_close' => true,
that decides if session will be expired when browser will be closed.
Other settings you could get interested is also php.ini
values of:
session.cookie_lifetime = 0
and
session.gc_maxlifetime = 1440
Those are default values.
The first one means how long session cookie will be stored - default value is 0 (until browse is closed). The second option means after how many of seconds PHP may destroy this session data.
I said may because there is one other option session.gc_probability
in php.ini
file that decides what's the chance of running garbage collector. Be default there is only 1% chance that after 1440 seconds (24 minutes) this session data will be destroyed.
App\Config\Session.php
check for lifetime...
you can also set...
Cookie::make('name', 'value', 60); // 1 hr