Forums

Extending session length (not working)

Permalink
Hi everyone.

I've been working with v8.1.0 and have the requirement to extend the session length (Stay Signed In For...) functionality from default 2 weeks to an ambitious 1 year.

Now... I've added some overrides in the concrete.php config file:

'session' => array(
        'max_lifetime' => 3456000, // 40 day cookie lifetime without renew
        'cookie' => array(
            'cookie_lifetime' => 31536000 // one year cookie expiry
        )
    ),


Which should be sufficient to modify the native session handling to extend the "Stay logged in..." functionality. But it isn't. After 2 weeks the sessions are expiring as they were before.

It looks like the cookie is being set with the right value, but the system isn't respecting it. What do we think?
seopher
 
mnakalay replied on at Permalink Reply
mnakalay
not totally sure but I think you need to override the constant USER_FOREVER_COOKIE_LIFETIME which is in concrete/bootstrap/configure.php

That's the value that's used when setting the cookie in concrete\src\User\User.php line 399

The session.cookie_lifetie value seems to be overwritten every time a new session is generated.
surefyre replied on at Permalink Reply
surefyre
Which sounds like a pain in the 455.

Also it raises the question 'Why is there (still) no session length option in the dashboard?' which would seem to be a pretty basic requirement.