22

When user logged-in and remains inactive, How many seconds after that system logouts the user automatically? How to change this setting?

syraz37
  • 756
  • 2
  • 6
  • 11

1 Answers1

47

Assuming you are using the session driver to handle your authentication, you can change the time period for an idle session to expire in the /app/config/session.php file. 

/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/

'lifetime' => 120,

'expire_on_close' => false,
Jeemusu
  • 10,415
  • 3
  • 42
  • 64
  • 2
    So after 120 s , to all the Auth::user will be auto logged out ? Is that correct ? – iori Nov 24 '14 at 16:53
  • 3
    It's **minutes**. So after 120 minutes the user will be logged out. – Jeemusu Nov 25 '14 at 04:43
  • 3
    Ohh nice. Thanks for clarify. So I assume at the 119.999 minutes the program will automatically called the **Auth::logout();** function at some point. Is that right ? Do you know where that in Laravel ? The reason why I am asking this, is because I want to set some value into my database before the log-out function. I hope to hear back from you. :) – iori Nov 25 '14 at 13:51
  • @iori were you ever able to figure this out? I also want to run a command before auto logout – NightMICU Mar 03 '15 at 02:02
  • 2
    The program will not automatically log the user out. Every time the user access a page on the site it will do a check to see if the time between their last visit is > x minutes . If it is, then the application logs them out, but the user needs to visit the site to trigger this. – Jeemusu Mar 04 '15 at 02:53
  • 2
    @NightMICU If you want to trigger some code every time a user is logged out, you could use an [event subscriber](http://laravel.com/docs/4.2/events#event-subscribers) for the `auth.logout` event. – Jeemusu Mar 04 '15 at 02:54
  • @Jeemusu this also make the csrf token expire in the same time, is there a way to only expire the user's session? – Julio Motol Mar 18 '20 at 08:58
  • 1
    The location of this file has changed to `/config/session.php` – Thor Oct 26 '22 at 18:53