0

I'm working on a legacy cakephp 2.6.1 application and the customer requires a longer session timeout. I can extend the cookie duration, but no matter what configuration I change, if the user stays idle for about an hour, the session expires on the server. Is there something I am missing? Here is my Session config:

Configure::write( 'Session', array(
  'defaults'      => 'php',
  'cookie' => 'CookieName',
  'timeout'       => 240,
  'cookieTimeout' => 240,
  'autoRegenerate' => true,
  'ini' => array(
      'session.gc_maxlifetime' => 14400,
      'session.cookie_lifetime' => 14400,
   ),
));

The app is running in a standard LAMP stack with PHP 5.6

SrThompson
  • 5,568
  • 2
  • 17
  • 25
  • change yhe php ini settings more reliable than letting a script do it –  Feb 22 '18 at 19:44
  • I don't have access to php.ini on production, only the htaccess files and the framework's configuration. In theory, that code up there calls ini_set with the parameters on the array (the functionality is provided by cake) – SrThompson Feb 22 '18 at 19:48
  • 1
    in hte last week i have had to do this, `ini_set('session.gc_maxlifetime', 3600);` –  Feb 22 '18 at 19:51
  • The cookie lifetime is set fine when I change it, but the problem is that even if I make the cookie expire in say, 4 hours, if the user remains idle for an hour or so the session expires anyway, even though the cookie was still valid – SrThompson Feb 22 '18 at 20:09
  • 1
    The session is not meant to be used for such a long time. The gc_maxlifetime set at script level may be ignored by the garbage collector for higher values. See this answer for more details https://stackoverflow.com/a/18573350/2244481. An alternative could be using a plugin like this https://github.com/milesj/auto-login/blob/master/Docs/usage.md. The plugin for 2x is no longer maintained, but it works. You can look into the code to have a better understanding. – nithin Feb 26 '18 at 09:15
  • We've warned the client that such a long lasting session is not recommended, but they insist. Thanks though @nithin, I'll check out that plugin – SrThompson Feb 26 '18 at 13:18

0 Answers0