$config->sessionExpireSeconds does not work

helmut2509 · December 4, 2019

In my PW-Application there is currently no session timeout.

I want to set the user session to 60 minutes which means that after 60 minutes of inactivity the user will be redirected to the homepage.

so I added the following entry to my config.php:

$config->sessionExpireSeconds = 120;

(120 seconds is just for testing).

But after five minutes of inactivity I am still logged in, there is no redirection.

Is there anything wrong or did I miss something?

In php.ini I have the entry:

session.cookie_lifetime = 3600

louisstephens · December 4, 2019

Just curious, could you post your code where you are redirecting based on the session? It might help with answers to see the whole picture.

wbmnfktr · December 4, 2019

Have you cleared all previous cookies and session files? Just to make sure there aren't any "old habits".

helmut2509 · December 5, 2019

11 hours ago, louisstephens said:

Just curious, could you post your code where you are redirecting based on the session? It might help with answers to see the whole picture.

if(!session()->isLoggedin)
   session()->redirect(config()->loginUrl);

wbmnfktr · December 5, 2019

I added $config->sessionExpireSeconds = 120; to my config.php
deleted all cookies and sessions (/site/assets/sessions/)
opened a private window and logged in
waited 2+ minutes
clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know.

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try:

if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);

helmut2509 · December 5, 2019

11 hours ago, wbmnfktr said:
I added $config->sessionExpireSeconds = 120; to my config.php

deleted all cookies and sessions (/site/assets/sessions/)

opened a private window and logged in

waited 2+ minutes

clicked a link and was redirected to the login page

It works in the backend.

How and why there might be a difference in an application or frontend... I don't know.

Maybe caching, maybing something that keeps the session alive.

Another thing is session()->isLoggedin where did you find that? All I know is $user->isLoggedin().

Maybe you could try:
if(!$user()->isLoggedin)
   session()->redirect(config()->loginUrl);
session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

wbmnfktr · December 6, 2019

12 hours ago, helmut2509 said:

session()->isLoggedin is just a custom variable filled with 'true' after successfull login.

Try the $user->isLoggedin() option.

12 hours ago, helmut2509 said:

I found out that the session is not being saved in /site/assets/sessions/ but in the sessions table of the processwire database.

But strangely entries are only made at logout, never at login. Even after adding the $session()->login() command nothing changed.

I don't know enough about session handling in ProcessWire and why this is the way it works in your setup.

Which version of ProcessWire are you running? Are there any other broader modifications/custom codes for session or user handling?

Did you install any session related modules that may interfere here?

Leftfield · May 2, 2024

Is it because I ate two cakes and ice cream yesterday that the cookies don't love me anymore? Or maybe it's something else entirely, like needing to clear the cache (I did, deleted cookies too)? This keeps logging me out after about 30 minutes, which is super annoying! Can you help?

$config->sessionExpireSeconds = 432000;

netcarver · May 2, 2024

On 12/4/2019 at 4:14 PM, helmut2509 said:

In php.ini I have the entry:

session.cookie_lifetime = 3600

@Leftfield Got to run now, but can you check what your session.cookie_lifetime setting is (just in case it's this for you?)

Leftfield · May 2, 2024

@netcarverYes, it is for me (Thanks for helping me).

I tried with php.ini, but nothing. Set 10800, waited a bit and was logged out. :(

I see my cookie wires_challenge says: 2024-06-01T15:04:30.853Z but if was same as before asking question

session.cookie_lifetime = 10800

netcarver · May 2, 2024

Ok, other things that come to mind are...

session.gc_maxlifetime is set to something low.
You are using php-fpm and it has a different php.ini file with different settings to the one you looked at before (maybe)

cwsoft · May 2, 2024

Just to check. There is no forgotten config-dev.php around with different settings? Have you cleared out all sessions and cookies via browser dev tools?

adrian · May 3, 2024

If you're running Debian, try adding this to your config.php

/**
 * Enable Session Garbage Collection
 * Garbage Collection is disabled in Debian as default (probability set to zero)
 * Enable session garbage collection with a 1% chance of running on each session_start();
 * Chance calculated as gc_probability/gc_divisor
 * Session path is defined inside wire/core/Session.php and points to site/assets/sessions
 * Thanks to this modification session now takes into account gc_maxlifetime set in config
 */
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);

Leftfield · May 3, 2024

@cwsoftthanks for helping me!

2 hours ago, adrian said:

ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);

@adrian It's running on LiteSpeed, but I don't know what's underneath it. But hey, it is working like a charm.

adrian · May 4, 2024

@ryan - I wonder if PW might automatically include those gc tweaks when Debian is detected? Maybe via something like this. Perhaps it could be run at install, rather than runtime if you're concerned about performance although it is only about 1ms.

if (strtolower(substr(PHP_OS, 0, 5)) === 'linux') {
    $vars = array();
    $files = glob('/etc/*-release');
    foreach ($files as $file) {
        $lines = array_filter(array_map(function($line) {
            // split value from key
            $parts = explode('=', $line);
            // makes sure that "useless" lines are ignored (together with array_filter)
            if (count($parts) !== 2) return false;
            // remove quotes and new lines
            $parts[1] = str_replace(array('"', "'", "\n"), '', $parts[1]);
            return $parts;
        }, file($file)));

        foreach ($lines as $line) {
            $vars[$line[0]] = $line[1];
        }
    }
    d($vars['ID']);
}

Sign In

$config->sessionExpireSeconds does not work

Recommended Posts

helmut2509

louisstephens

wbmnfktr

helmut2509

wbmnfktr

helmut2509

wbmnfktr

Leftfield

netcarver

Leftfield

netcarver

cwsoft

adrian

Leftfield

adrian

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Similar Content

Redirect with hooks in ready.php

addHookBefore('Session::redirect', ...) not working if template-settings-based PW redirects are used

SameSite cookies to None

Unable to login on second machine with exact same setup

Unable to login on second machine with exact same setup

Browse

Activity

My Activity Streams

Support

Store

My Details