Jump to content
  • 0

Increase Session Timeout?


EmptyMind

Question

I understand the need for a 'reasonable' session timeout but I don't want to have to re-login 10 times a day either. (Especially annoying with OTP enabled)

 

Is there a way that I can increase the session timeout from the default? At least for the admin side? I can see clients not needing more than 30 minutes of inactivity.. but us admins.. we are in there all day.. every day.. going back and forth between working on stuff and dealing with clients.. I'd like to have a little more leeway (Especially during development).

 

Currently I go and work on something else for a little while.. an hour.. for example.. go back to test what I'm working on.. re-login required. 

 

Quite annoying. I can see the sessions table updating with every access, updating it to +30Mins. 

Link to comment
Share on other sites

23 answers to this question

Recommended Posts

  • 0
On 9/17/2013 at 3:13 PM, Paul said:

config/session.php

 

 

Change to the value you want. It's for the entire system, and applies to both clients and admins.

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

Link to comment
Share on other sites

  • 0
32 minutes ago, evolvewh said:

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

It does appear to be removed from the defaults.

The good news is the code (components/session/session.php) still checks to see a Configuration value of 'Session.ttl' exists. Just add that to your config (config/blesta.php) and you should be good to go.

Configure::set('Session.ttl', 9000);

-Adam

 

Link to comment
Share on other sites

  • 0
40 minutes ago, Adam said:

It does appear to be removed from the defaults.

The good news is the code (components/session/session.php) still checks to see a Configuration value of 'Session.ttl' exists. Just add that to your config (config/blesta.php) and you should be good to go.


Configure::set('Session.ttl', 9000);

-Adam

 

Thanks for the help Adam. I've added this to config/blesta.php now.

Link to comment
Share on other sites

  • 0
20 hours ago, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Is there a temporary solution to increase the amount of time that a login is active? We have clients that are typing a long support ticket (usually for website design / update tickets) and all of their message is lost by the time they are ready to click submit.

Link to comment
Share on other sites

  • 0
21 hours ago, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Doh!

54 minutes ago, evolvewh said:

Is there a temporary solution to increase the amount of time that a login is active? We have clients that are typing a long support ticket (usually for website design / update tickets) and all of their message is lost by the time they are ready to click submit.

 

Apply this patch file. It should work. It will attempt to load from config/blesta.php if a key named 'Session.ttl' exists. Otherwise, defaults to 30 minutes.

diff --git a/core/ServiceProviders/MinphpBridge.php b/core/ServiceProviders/MinphpBridge.php
index ccefd20..9367ff4 100644         
--- a/core/ServiceProviders/MinphpBridge.php                     
+++ b/core/ServiceProviders/MinphpBridge.php                   
@@ -197,9 +197,10 @@ class MinphpBridge implements ServiceProviderInterface
     {                                                                                       
         $this->container->set('minphp.session', function ($c) {
             // Determine the TTLs and which to set for the database session
+            Configure::load('blesta');                                                                          
             $cookieName = 'csid';               
             $ttls = [
-                'ttl' => 1800, // 30 mins                                               
+                'ttl' => (Configure::exists('Session.ttl')) ? Configure::get('Session.ttl') : 1800, // 30 minutes
                 'cookie_ttl' => 604800, // 7 days
             ];          
             $dbTtl = (isset($_COOKIE[$cookieName]) ? $ttls['cookie_ttl'] : $ttls['ttl']);

 

-Adam

 

Link to comment
Share on other sites

  • 0
On 4/7/2017 at 5:36 PM, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Is there a recommended workaround? We have clients typing long support ticket messages and the system times out and they lose everything they've entered.

Link to comment
Share on other sites

  • 0

In the interim you can update:

/core/ServiceProviders/MinphpBridge.php

At the bottom of the file is a set of TTLs:

$ttls = [
    'ttl' => 1800, // 30 mins
    'cookie_ttl' => 604800, // 7 days
];

Change the 'ttl' value to the number of seconds a session should last, e.g.:

$ttls = [
    'ttl' => 14400, // 4 hours
    'cookie_ttl' => 604800, // 7 days
];

Making these configurable from the config file should occur in v4.2.

Link to comment
Share on other sites

  • 0
On 27/07/2017 at 6:53 PM, Tyson said:

In the interim you can update:


/core/ServiceProviders/MinphpBridge.php

At the bottom of the file is a set of TTLs:


$ttls = [
    'ttl' => 1800, // 30 mins
    'cookie_ttl' => 604800, // 7 days
];

Change the 'ttl' value to the number of seconds a session should last, e.g.:


$ttls = [
    'ttl' => 14400, // 4 hours
    'cookie_ttl' => 604800, // 7 days
];

Making these configurable from the config file should occur in v4.2.

Im using 4.2.2. Are these options already on the config file? Whats the best way to increase the session time limit for both admin and clients? Thanks!

Link to comment
Share on other sites

  • 0
On 3/3/2018 at 6:38 PM, espservices said:

Im using 4.2.2. Are these options already on the config file? Whats the best way to increase the session time limit for both admin and clients? Thanks!

Yes, they are already in the config file, however, there is no distinction made between admins or clients in the session TTL.

Open your config file /config/blesta.php and update the session/cookie TTL values:

// Length of time (in seconds) that a session will be valid for
Configure::set('Blesta.session_ttl', 1800); // 30 minutes
// Length of time (in seconds) that a cookie will be valid for
Configure::set('Blesta.cookie_ttl', 604800); // 7 days

 

Link to comment
Share on other sites

  • 0
2 hours ago, Tyson said:

Yes, they are already in the config file, however, there is no distinction made between admins or clients in the session TTL.

Thanks for the info. Can you please consider on a future Blesta update to allow distinction between admin and clients? This is very usefull since in most cases the admins would require more session time than clients. 

I speak for myself where I want for admin Blesta session to be at least 8 hours, that is my normal work day. But clients should required less session time, since it's not needed and they care a lot less about security, accessing Blesta sometimes using public/friends computers, etc.. 

Link to comment
Share on other sites

  • 0
18 hours ago, espservices said:

Thanks for the info. Can you please consider on a future Blesta update to allow distinction between admin and clients? This is very usefull since in most cases the admins would require more session time than clients. 

I speak for myself where I want for admin Blesta session to be at least 8 hours, that is my normal work day. But clients should required less session time, since it's not needed and they care a lot less about security, accessing Blesta sometimes using public/friends computers, etc.. 

Why not just check the "Remember Me" box, and logout when done?

Link to comment
Share on other sites

  • 0
46 minutes ago, espservices said:

Are you suggesting that for clients or admin? Anyway I think it's a simple change that your team can apply on a future update.

You want to increase the admin session timeout right? There's a "Remember Me" checkbox on the login page, if you check it during login, then it won't log you out so soon. I just wonder why you don't use that, instead of increasing the session timeout? It might not be very involved to have a different session TTL for clients vs admins, I'm not sure, but so far I'm not convinced that it's something we should change. There's already an option for keeping the session open longer. What am I missing?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...