Magento 2 backend session timeout

Stores > Settings > Configuration > Advanced > Admin > Security > Admin Session Lifetime (seconds)

Also, there is a possibility to set this parameter directly to the database, just put a value under the path

admin/security/session_lifetime

in the table core_config_data

Update

Magento 2.1 admin cookie life time = Stores > Settings > Configuration > Advanced > Admin > Security > Admin Session Lifetime (seconds) or till the user closes the browser

Since Magento 2.1 introduces lifetime for admin cookie as "expires on browser close", together with value in 

Stores >Settings > Configuration > Advanced > Admin > Security > Admin Session Lifetime (seconds)

That means, that session lifetime equals the value in 

Stores > Settings > Configuration > Advanced > Admin > Security > Admin Session Lifetime (seconds)

or when a browser is closed.

Or you can set up a new value for admin cookie like it is proposed in fschmengler's answer


Check attached image screenshot for better understanding of admin process.

Go to Stores->Settings->Configuration->Advanced->Admin->Security->Admin Session Lifetime (seconds)

And check screenshot. enter image description here


Solution for Magento 2.1+

Since Magento 2.1 the admin session lifetime is always "session", i.e. until the browser is closed. This has been might have been introduced for security reasons.

The relevant code is in Magento\Backend\Model\Session\AdminConfig:

/**
 * Set session cookie lifetime to session duration
 *
 * @return $this
 */
protected function configureCookieLifetime()
{
    return $this->setCookieLifetime(0);
}

If you want to change this behavior, you can add a plugin for this class with the following interceptor method:

public function beforeSetCookieLifetime()
{
    $lifetime = $this->scopeConfig->getValue(
        \Magento\Framework\Session\Config::XML_PATH_COOKIE_LIFETIME,
        \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT);
    return [$lifetime, \Magento\Framework\Session\Config::COOKIE_LIFETIME_DEFAULT];
}

Where $this->scopeConfig should be an instance of \Magento\Framework\App\Config\ScopeConfigInterface, injected via constructor parameter.

This way the cookie lifetime is used from configuration, just as in the frontend.

Note that the configuration in Stores > Configuration > Advanced > Admin Security > Session Lifetime does not have any effect on the cookies anymore! It is used to determine Redis session lifetime, so if you increase the cookie lifetime, you should also increase this value.

Tags:

Configuration

Session

Admin

Backend

Magento2

Related

Magento 2: requirejs-config.js in themes? Magento 2 : Override block file Magento\ConfigurableProduct\Block\Product\View\Type\Configurable.php Magento2 - How to stop a product from getting added to cart programmatically? Magento 2 Display Sub Category of parent? Magento 2: "Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider" Refresh the cache programmatically in Magento 2 at window system Magento 2 - What is the correct way to change default Order Id? How to import product images in bulk into Magento 2? my table is not installing in Magento 2 Magento 2: How can I deploy my theme only Magento 2: Diagram of database tables, such as Orders, Products, etc. and their relationships Magento 2 : How to set multiple currencies in one storefront?

Recent Posts