Laravel Session Expire Time for Each Session

Laravel session expire time for each session

You can change the session lifetime, application wide by changing the lifetime value on config/session.php:

/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/

'lifetime' => 4320,
'expire_on_close' => false,

---

Now, if you want to control the session lifetime per user, you need to set this value before logging in the user.

1. Try if user exists in database
2. If yes, and he is user who needs longer session lifetime, run config(['session.lifetime' => $newLifetime]);
3. Log user in
4. Enjoy longer session lifetime for current user

— Source

You have to make the above changes in LoginController.

How to do give expire time to specific session in laravel 5.6 ?

$_SESSION['expire'] = time() + 259200; // 3 days

if(time() > $_SESSION['expire'])
{  

 session_unset();
 session_destroy(); 

}

Laravel 5.7 session expires immediately after log in

I have faced the same problem on AWS EBS.

Here are two solution :

1. Give 775 permission to storage directory. Maybe a server not have permission to create a session file.

2. Change session driver from file to database.

   SESSION_DRIVER=database
   So session will manage by database.

for this you also need to perform below command

php artisan session:table

composer dump-autoload

php artisan migrate

For reference : https://laravel.com/docs/5.7/session

How does an HTTP session exactly work and in what cases does it expire (in Laravel)?

As you can see, session is dependent on the driver you choose, and at the same time you can select the timeout as well in config\session.php.

In case of Cookie, the session will expire in two cases:

1. Once the cookie has expired/deleted.
2. Or (current_time - cookie_creation_time) > session_timeout set in the session.php.

In all drivers, one thing is common: whenever you access the website, and a request is made to the server, it will add the last access time and calculate the session timeout from there.

When the user navigates from the browser and the cookie is still there and it hasn't expired, the user will be identified and session will remain the same.

I hope it's clearer... If not, let me know. I will share some examples.

How to set session timeout in Laravel?

In app/config/session.php you have:

lifetime

option that allow you to set session expire time in minutes (not in seconds)

'lifetime' => 60,

means that session will expire after an hour.

There is also one more setting here:

'expire_on_close' => true,

that decides if session will be expired when browser will be closed.

Other settings you could get interested is also php.ini values of:

session.cookie_lifetime = 0

and

session.gc_maxlifetime = 1440

Those are default values.

The first one means how long session cookie will be stored - default value is 0 (until browse is closed). The second option means after how many of seconds PHP may destroy this session data.

I said may because there is one other option session.gc_probability in php.ini file that decides what's the chance of running garbage collector. Be default there is only 1% chance that after 1440 seconds (24 minutes) this session data will be destroyed.

---

Related Topics