BE Session timeout #1500

Closed
asaage opened this issue Apr 27, 2018 · 11 comments

asaage commented Apr 27, 2018

I usually increase the Session timeout:
System>Settings>Timeout values>Session timeout from default 3600 to 36000

But for some reason that doesn't work for me. After ~1h absence I have to log in again.
No IP-change is happening in this time and my phpinfo() tells me:
session.cookie_lifetime = 0
session.gc_maxlifetime = 1440
The PHPSESSID Cookie is valid until the end of the session

Can anyone else confirm this?

Contributor

xchs commented Apr 27, 2018

See #1428

Anke commented Aug 14, 2023

I don't quite understand. I have a new 5.1 installation and was logged out of the backend after 30 minutes during a phone call. Since I cannot change php-ini settings does that mean I have to hit a cursor key or play with the mouse in the BE while being on the phone, so I can resume my work? While 30 minute sessions may be desirable for BE editors, it seems somewhat counter-productive for admins.

Contributor

fritzmg commented Aug 14, 2023

> does that mean I have to hit a cursor key or play with the mouse in the BE

No, you need to make actual requests.

> Since I cannot change php-ini settings

Then you will need to implement a keep-alive request for your back end.
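
One way to build the keep-alive request suggested in the comment above, as an added example that is not code from this thread or from Contao: a timer re-requests the back end more often than session.gc_maxlifetime (1440 seconds in the phpinfo() output quoted earlier) and stops at an absolute cap or once the session is gone, so an unattended browser does not hold an admin session open indefinitely. The URL `/contao`, both durations and the name `startKeepAlive` are assumptions.

```javascript
// Added example, not Contao code. Assumptions: the back end answers at
// "/contao" and replies with a redirect or an error once the session is gone.
function startKeepAlive(options = {}) {
  const {
    url = '/contao',                      // assumed back end URL
    intervalMs = 10 * 60 * 1000,          // must stay below session.gc_maxlifetime
    maxDurationMs = 4 * 60 * 60 * 1000,   // absolute cap: stop pinging after this
    fetchFn = globalThis.fetch,           // injectable for use outside a browser
    timers = globalThis,
    now = Date.now,
  } = options;

  const startedAt = now();
  const state = { pings: 0, errors: 0, stopped: false, reason: null };
  let handle = null;

  function stop(reason) {
    if (state.stopped) return;
    state.stopped = true;
    state.reason = reason;
    timers.clearInterval(handle);
  }

  async function ping() {
    if (state.stopped) return;
    if (now() - startedAt >= maxDurationMs) return stop('max-duration');
    try {
      // Same-origin cookies only; do not follow a redirect to the login page.
      const res = await fetchFn(url, {
        credentials: 'same-origin', cache: 'no-store', redirect: 'manual',
      });
      if (res.ok) state.pings += 1;
      else stop('session-ended');         // redirect or error: nothing left to keep alive
    } catch (err) {
      state.errors += 1;                  // transient network failure: keep trying
    }
  }

  handle = timers.setInterval(ping, intervalMs);
  return { state, ping, stop: () => stop('manual') };
}
```

Timers do not fire while the machine is in standby, so a keep-alive of this kind cannot carry a session across a suspended laptop.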

Member

ausi commented Aug 14, 2023

> Since I cannot change php-ini settings

Why can’t you change PHP ini settings?

Anke commented Aug 14, 2023

I can only change a few settings, not session.gc_maxlifetime e.g.. So I'll use the autologin of my password manager.
After all those years I am still bewildered at times by the differences between user requirements and developer realizations ...

Member

ausi commented Aug 14, 2023

> After all those years I am still bewildered at times by the differences between user requirements and developer realizations ...

What would your suggestion be that we as developers should do in this case?
session.gc_maxlifetime controls in PHP after how long session data should get deleted.
After the session data is deleted, Contao has no way to access it anymore.

> I can only change a few settings, not session.gc_maxlifetime e.g..

What is the reasoning behind this? Can you please ask your hosting provider for an explanation?

Anke commented Aug 14, 2023

> > After all those years I am still bewildered at times by the differences between user requirements and developer realizations ...
>
> What would your suggestion be that we as developers should do in this case? session.gc_maxlifetime controls in PHP after how long session data should get deleted. After the session data is deleted, Contao has no way to access it anymore.

I wouldn't know, that's why I'm counting on developers with smart ideas ;-) - according to the motto, where there's a will or big enough need, there's a way. Seriously: As a user all I know I had a session duration setting in Contao 3, now I have a really neat modern Contao version without it.

> > I can only change a few settings, not session.gc_maxlifetime e.g..
>
> What is the reasoning behind this? Can you please ask your hosting provider for an explanation?

It's Ionos shared hosting. I'll ask.

Contributor

fritzmg commented Aug 14, 2023

> Seriously: As a user all I know I had a session duration setting in Contao 3, now I have a really neat modern Contao version without it.

The behaviour would be the same in Contao 3. This PHP setting applies to all PHP applications.

Contributor

fritzmg commented Aug 14, 2023

> > Seriously: As a user all I know I had a session duration setting in Contao 3, now I have a really neat modern Contao version without it.
>
> The behaviour would be the same in Contao 3. This PHP setting applies to all PHP applications.

I was wrong about that - Contao 2/3 did in fact implement its own database based session storage (while still using the PHP session ID).

In Contao 4+ your only option is to increase gc_maxlifetime or configure a different session storage. See

Member

ausi commented Aug 14, 2023

I read through the documentation of Symfony session and it seems that it is possible to overwrite gc_maxlifetime in the session config: https://symfony.com/doc/current/reference/configuration/framework.html#gc-maxlifetime

@Anke can you please try if it works for you if you add the following to your config/config.yaml

framework:
    session:
        gc_maxlifetime: 7200

Anke commented Aug 14, 2023

Okay, I'll try and report here. Probably tomorrow, though. Would be great!

EDIT: Seems to be working! Thank you!
EDIT 2: Or maybe not. I was just away from the computer for a little under an hour, and it had already gone into standby. By then I was logged out of the BE again.
