96

How can I change the phpmyadmin automatic log out time?

It will log out automatically after 1440 seconds which is very low for me. How can I change the option or remove log in request completely?

Donald Duck
  • 8,409
  • 22
  • 75
  • 99
Abadis
  • 2,671
  • 5
  • 28
  • 42

9 Answers9

121

Changing php.ini will change the session duration for all the websites running on the server. To change it just for PhpMyAdmin, open config.inc.php and add:

$sessionDuration = 60*60*24*7; // 60*60*24*7 = one week
ini_set('session.gc_maxlifetime', $sessionDuration);
$cfg['LoginCookieValidity'] = $sessionDuration;
laurent
  • 88,262
  • 77
  • 290
  • 428
  • 23
    there seems to be UI for setting config.php variables at http://localhost/phpmyadmin/setup/index.php?page=form&formset=Features#tab_Security - see Login Cookie Validity – psycho brm Jan 23 '13 at 14:07
  • This UI setting is a bit confusing but works for setting password in config for automatic login and set session expiration time. Upvote. – Antonio Max Feb 13 '13 at 21:33
  • but can't set cookie to unlimited time(0) – jayadevkv Dec 18 '13 at 04:30
  • 1
    Unlimited time is kind of impossible because every cookie has a "Valid Until"-Date, but you can just enter a very high number. – Marcel Burkhard Sep 30 '14 at 05:14
  • 5
    This should be the answer. The question asked how to modify phpMyAdmin. This answer solves it specifically. –  Apr 28 '15 at 20:28
  • 1
    You need to change cookie path too. Because if gc_maxlifetime is defined for an other website, the gc will delete all cookies the first time it is call for a website. You can add these 2 lines in the /etc/apache2/conf-available/phpmyadmin.conf file : php_admin_value session.gc_maxlifetime 604800 + php_admin_value session.save_path /var/lib/phpmyadmin/tmp – fred727 Sep 12 '17 at 10:41
  • I always forget the path -> `sudo gedit /etc/phpmyadmin/config.inc.php` for ubuntu / gnome – davidkonrad Dec 22 '17 at 22:10
  • /etc/webapps/phpmyadmin/config.inc.php in arch linux – LaTechneuse Jan 10 '18 at 13:15
  • @fred727 can you pls expand on your comment - maybe post it as another answer? Should your lines be placed next to the other `php_admin_value` lines? – Nikhil VJ Feb 12 '20 at 02:19
  • If I try to use init_set, phpmyadmin does not load . no error, no nothing . If I dont set it, only $cfg['LoginCookieValidity'], I get a message : "Your PHP parameter session.gc_maxlifetime is lower than cookie validity configured in phpMyAdmin, because of this, your login might expire sooner than configured in phpMyAdmin." . But, it seems to work anyway. php7.4, apache 2.4 pma 5, mariadb 10.4 on mac os 10.14 ! if $cfg['LoginCookieValidityDisableWarning'] = true, the message won't show up anymore ! – Diego Favero Mar 30 '20 at 15:14
  • @psycho brm: when I call this page, I get the following errormessage: "Configuration already exists, setup is disabled!". For sure you mean this page: http://localhost/phpmyadmin/index.php?route=/preferences/features. In general, laurent's answer doesn't seem so wrong. The documentation seems to confirm this, if I see it correctly: https://docs.phpmyadmin.net/en/release_5_2_0/config.html#config – peter70 Jan 25 '23 at 07:31
105

In PHPMyAdmin 4 this no longer appears in the config.inc.php file. Instead go to PHPMyAdmin in your browser. Ensure you are at the localhost level to see the Settings link. Then set Settings > Features > Change the value of 'Login cookie validity' > Save

instructions

Community
  • 1
  • 1
Kohjah Breese
  • 4,008
  • 6
  • 32
  • 48
  • N.B. there appears to be a limit on how many characters you can enter in this field. – Kohjah Breese Nov 19 '14 at 00:09
  • 1
    The UI change doesn't work for me. It still log out too quickly, no matter how bigger the *Login cookie validity* is. – dani24 Sep 15 '16 at 18:40
  • 4
    @dani24, did you get this notice: `Your preferences will be saved for current session only. Storing them permanently requires phpMyAdmin configuration storage.`? Click the link in this, and it will give you instructions for enabling the ability to permanently store changes. – Parapluie Apr 07 '17 at 17:54
  • phpMyAdmin will show this error. `Your PHP parameter session.gc_maxlifetime is lower than cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin.` You will have to apply Ravinder Singh's answer as well as this one. – Abraham Murciano Benzadon May 16 '17 at 17:12
  • This was te only method that worked for me. Works great :) – Joseph Astrahan Feb 20 '18 at 02:46
  • 7
    Not available in version 4.8.4 – Thanasis Feb 02 '19 at 09:56
  • This generates a warning by PHPmyAdmin if the session.gc_maxlifetime is set lower. – Tjalsma Feb 18 '19 at 18:16
89

Create or edit your php.ini file and set this variable value in it:

session.gc_maxlifetime = 1440

The integer is in seconds. 500000 seconds is 5.7 days. Then restart apache.

Eric Leschinski
  • 146,994
  • 96
  • 417
  • 335
Ravinder Singh
  • 3,113
  • 6
  • 30
  • 46
  • Thanks but I am working in localhost and have access to all files and settings – Abadis Jun 30 '12 at 09:52
  • 2
    so open your php.ini file and increase the value of session.gc_maxlifetime, that's it. – Ravinder Singh Jun 30 '12 at 09:54
  • 13
    bad answer, security issues! – Sebastian Viereck Jan 21 '14 at 15:52
  • 2
    You may also need to update $cfg['LoginCookieValidity'] in the phpmyadmin config.inc.php file. – Jorge Orpinel Pérez Oct 28 '14 at 20:39
  • 6
    @slaver113 In this case I'd say the security is fine as it's a development environment, this is NOT fine for any production environment. I'd prefer to see this mentioned in the answer. – Manuel Dec 05 '14 at 14:37
  • 1
    hs no clickpath to follow like: PHPMyAdmin in your browser > Settings > Features > Change the value of 'Login cookie validity' > Save – a coder Dec 27 '14 at 20:38
  • @php_purest should I still modify `session.gc_maxlifetime` value ? – cram2208 Jul 31 '15 at 23:19
  • I believe what I was trying to say was there's 2 main ways to do the same thing. – a coder Aug 18 '15 at 04:33
  • 9
    This has nothing to do with PHPMyAdmin's timeout. I don't know why it's so highly voted. It's not even related to the question. – felwithe Sep 11 '16 at 15:15
  • In fact it appears you have to set both `session.gc_maxlifetime` **and** `LoginCookieValidity` (see below). As for it being a "security issue" (slaver113): er, yes, you do this for your development server, not your production server. Perhaps some people here already knew that. – mike rodent Sep 21 '17 at 07:02
  • Does it only effects to the phpmyadmin or else all the sessions life times available in the same host? – mapmalith Apr 17 '18 at 07:09
13

You can change the cookie time session feature at phpmyadmin web interface

Settings->Features->General->Login cookie validity

OR

If you want to change the 'login cookie validity' in configuration file, then open the phpmMyAdmin configuration file, config.inc.php in the root directory of PHPMyAdmin.(root directory is usually /etc/phpmyadmin/)

After locating the config.inc.php , search for the line below and set it to the value of seconds you want phpmyadmin to timeout:

['LoginCookieValidity']

If you couldn't find the above line, just add the following:

$cfg['Servers'][$i]['LoginCookieValidity'] = <your_new_timeout>;

For example:

$cfg['Servers'][$i]['LoginCookieValidity'] = 3600 * 3;

The Timeout is set to 3 Hours from the Example above.

session.gc_maxlifetime might limit session validity and if the session is lost, the login cookie is also invalidated. So, we may need to set the session.gc_maxlifetime in php.ini configuration file(file location is /etc/php5 /apache2/php.ini in ubuntu). 

session.gc_maxlifetime = 3600 * 3

phpMyAdmin Documentation on LoginCookieValidity

$cfg['LoginCookieValidity']

Type: integer [number of seconds]
Default value: 1440

Define how long a login cookie is valid. Please note that php configuration option session.gc_maxlifetime might limit session validity and if the session is lost, the login cookie is also invalidated. So it is a good idea to set session.gc_maxlifetime at least to the same value of $cfg['LoginCookieValidity'].

NOTE:

  1. If your server crashed and cannot load your phpmyadmin page, check your apache log at /var/log/apache2/error.log. If you got PHP Fatal error: Call to a member function get() on a non-object in /path/to/phpmyadmin/libraries/Header.class.php on line 135, then do a chmod 644 config.inc.php. that should take care of the error.
  2. If you get the warning: Your PHP parameter session.gc_maxlifetime is lower that cookie validity configured in phpMyAdmin, because of this, your login will expire sooner than configured in phpMyAdmin., then change the session.gc_maxlifetime as mentioned above.
Foreever
  • 7,099
  • 8
  • 53
  • 55
7

For LOCAL installs only, you can remove the login and timeout altogether - this seems to be what you're after. By changing the authorization type to "config" and entering your database username and password in your config file you are automatically logged in. Add to config.inc.php:

$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'username';
$cfg['Servers'][$i]['password'] = 'password';
$cfg['Servers'][$i]['AllowNoPassword'] = false;

Of-course if you do this on a server on the internet, some cheeky chappy will come along and gleefully download all your passwords and delete your website. This is for a development server running on your own laptop only.

An easier way to customise phpmyadmin these days is to go to http://www.example.com/phpmyadmin/setup/ , save all your settings section at a time, click save or download at the bottom, copy the file generated to your root phpmyadmin directory, then chmod it. You have to turn off write permission even if it is a local server as phpmyadmin checks this before it lets yo log in.

Chris
  • 5,664
  • 6
  • 44
  • 55
  • The file name is wrong, not a big issue as most will understand what you mean. The correct name nevertheless is `config.inc.php` – David Nov 12 '19 at 16:48
3

Explore directory 'apps\phpmyadmin4.5.2' in your wamp folder and open config.inc.php file. Then add this line under existing code.

'$cfg['LoginCookieValidity'] = 3600 * 10; //login cookie validity extended upto 10 hours'.

That's all...

Koushik Chowdhury
  • 31
  • 1
2

For phpMyadmin 5.0.2 running on Ubuntu 18.04, I edited the file as follows:

  1. sudo nano /usr/share/phpmyadmin/libraries/classes/Config/Forms/User/FeaturesForm.php

  2. find the method public static function getForms() and added LoginCookieValidity field 

    public static function getForms()
{
    $result = [
        'General' => [
            'VersionCheck',
            'NaturalOrder',
            'InitialSlidersState',
            'LoginCookieValidity', //Added this line if it missing
            ...........
      }

  3. save the file and now you will be able to change the value from user interface.

[Settings -> General -> Features -> Login Cookie Validatity]

sandip
  • 533
  • 9
  • 29
  • Thanks for this. I was looking at the answers above, and back at my 5.0.2 installation, and thinking I was losing my mind! Wonder why they removed the UI, especially if it's still there ready to be reenabled? – Headbank Aug 08 '20 at 11:41
0

Server:localhost -> Settings -> Features -> General -> Login cookie validity

Peyman Mohamadpour
  • 17,954
  • 24
  • 89
  • 100
-1

I have phpmyadmin 4.9.2. and try to config LoginCookieValidity, but I have auto logout :( If you using localhost you can try https://docs.phpmyadmin.net/en/latest/config.html#example-for-ip-address-limited-autologin

if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") {
    $cfg['Servers'][$i]['auth_type'] = 'config';
    $cfg['Servers'][$i]['user'] = 'root';
    $cfg['Servers'][$i]['password'] = 'yourpassword';
} else {
    $cfg['Servers'][$i]['auth_type'] = 'cookie';
}
Denis Viunyk
  • 101
  • 2