We moved our application to a new server and now the session is expiring too soon (not sure about exact hours) for the logged in users. We tried many things to find out why the session is expiring in a production environment but until now we are unsuccessful. We want to put the expiration for 20 days.
Stuff we tried:
This is the current configuration:
'Session' => [ 'defaults' => 'php', 'cookie' => 'MYAPPHO', 'timeout'=> 80320, // in min 'ini' => [ 'session.gc_maxlifetime' => 1728000, // in sec 'session.cookie_lifetime' => 1728000 ] ]
We also tried to set the
'defaults' => 'cache'
and to set the values in .htaccess
php_value session.cookie_lifetime 1728000 php_value session.gc_maxlifetime 1728000 php_value session.cache_expire 1728000
but the behavior is the same.
We also made some debugging in the Network\Session::_timedOut() but is ok, is never expiring for that reason.
Is there any way to debug more and find out what is causing the session to expire?
Hackers would be delighted to have sessions never expire, because then any stolen session ID would become a permanent key to unlock your web application.
More details on why what you’ve tried with
session.cookie_lifetime didn’t work can be found here.
Anyways, you can do it by setting the value of session.gc_probability to 0 before starting the session.
Just try to restart your application server. Some times server cache behaves weirdly.Hope this will resolve your issue.