extend session for app and Browser extension

[PittRo]

Since v. 2.11 it's quite annoying that both session in webapp and chrome extension expire very fast, in spite of checking
"Remember passphrase until I log out" or
"Remember until I log out." or

I've read a few issues about the same topic but within docker it seems a bit more complicate. The solution there is, easily set session.gc_maxlifetime higher than standard 1440 or 24 minutes in php.ini
Here my tries without any positiv effect

• set in /passbolt_docker/conf/supervisor/php.conf session.gc_maxlifetime=28800
• set in /passbolt_docker/conf/passbolt.conf under listening server settings fastcgi_param PHP_VALUE "session.gc_maxlifetime=28800"

[tchapi]

Hi
Did you finally find how to do this ? thanks !

[dlen]

Hi @tchapi

A new release of passbolt web browser extension adds a fix for this so you should not need to add any specifics on the server side.
There is on our backlog a ticket to expose server side configs to tune session timeouts. No ETA at the moment though.

[tchapi]

Hi @dlen and thanks for your quick answer

I'm at the latest (Firefox) browser extension (2.11.1), and I had the impression that the issue was still there from what I had tested, that's why I was wondering ...

In the meantime, I've created my own very simple Dockerfile to cope with the issue like this :

FROM passbolt/passbolt:latest
# Change the too small timeout for sessions to 3 days
RUN sed -i "s/session.gc_maxlifetime = .*/session.gc_maxlifetime = 259200/g" /usr/local/etc/php/php.ini

It's clearly not ideal but it seems to work.
I will remove my' hack' and retest the extension properly to see if it's me or if there is another problem, and keep you posted.

Thanks for this great product anyway !
BR

[dlen]

Thanks for the kind words!

You have some other option (so you don't have to rebuild the container) which is to mount a volume in /usr/loca/etc/php/conf.d/session.ini with the file contents you mentioned.
This way you can still use the same container we push with no modifications.

[PittRo]

@dlen thanks a lot for that clue, it works but i decided to mount the volume /usr/local/etc/php and changed the php.ini. Now the session lifetime is acceptable

[tchapi]

Just to let you know @dlen, I have retested the extension (latest version) but the problem is still here - it is necessary to change the gc_maxlifetime on the server if I don't want to have to login every half an hour...