Increase Session Timeout?

[EmptyMind]

I understand the need for a 'reasonable' session timeout but I don't want to have to re-login 10 times a day either. (Especially annoying with OTP enabled)

 

Is there a way that I can increase the session timeout from the default? At least for the admin side? I can see clients not needing more than 30 minutes of inactivity.. but us admins.. we are in there all day.. every day.. going back and forth between working on stuff and dealing with clients.. I'd like to have a little more leeway (Especially during development).

 

Currently I go and work on something else for a little while.. an hour.. for example.. go back to test what I'm working on.. re-login required. 

 

Quite annoying. I can see the sessions table updating with every access, updating it to +30Mins. 

[Paul]

config/session.php

 

  Quote

Configure::set("Session.ttl", 1800);

 

Change to the value you want. It's for the entire system, and applies to both clients and admins.

[EmptyMind]

Just for my reference.. is this going to be overwritten during updates?

[Paul]

  On 9/17/2013 at 10:00 PM, EmptyMind said:

Just for my reference.. is this going to be overwritten during updates?

 

Yes it would. This file won't change often, but you'll want to merge the changes if there are any in a future release. If there are no changes, you can simply forget to upload it.

[EmptyMind]

Noted. TY. 

[evolvewh]

  On 9/17/2013 at 9:13 PM, Paul said:

config/session.php

 

 

Change to the value you want. It's for the entire system, and applies to both clients and admins.

Expand  

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

[Michael]

  On 4/7/2017 at 4:01 PM, evolvewh said:

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

Expand  

Still there for me.

[Adam]

  On 4/7/2017 at 4:01 PM, evolvewh said:

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

Expand  

It does appear to be removed from the defaults.

The good news is the code (components/session/session.php) still checks to see a Configuration value of 'Session.ttl' exists. Just add that to your config (config/blesta.php) and you should be good to go.

Configure::set('Session.ttl', 9000);

-Adam

 

[evolvewh]

  On 4/7/2017 at 4:12 PM, Licensecart said:

Still there for me.

Expand  

Take a look at a fresh download of 4.0 and you'll see that config/sessions.php is gone. If you have it, it's from the 3.6.2 install.

[evolvewh]

  On 4/7/2017 at 4:17 PM, Adam said:

It does appear to be removed from the defaults.

The good news is the code (components/session/session.php) still checks to see a Configuration value of 'Session.ttl' exists. Just add that to your config (config/blesta.php) and you should be good to go.

Configure::set('Session.ttl', 9000);

-Adam

 

Expand  

Thanks for the help Adam. I've added this to config/blesta.php now.

[Tyson]

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

[evolvewh]

  On 4/7/2017 at 11:36 PM, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Expand  

Is there a temporary solution to increase the amount of time that a login is active? We have clients that are typing a long support ticket (usually for website design / update tickets) and all of their message is lost by the time they are ready to click submit.

[Adam]

  On 4/7/2017 at 11:36 PM, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Expand  

Doh!

  On 4/8/2017 at 7:55 PM, evolvewh said:

Is there a temporary solution to increase the amount of time that a login is active? We have clients that are typing a long support ticket (usually for website design / update tickets) and all of their message is lost by the time they are ready to click submit.

Expand  

 

Apply this patch file. It should work. It will attempt to load from config/blesta.php if a key named 'Session.ttl' exists. Otherwise, defaults to 30 minutes.

diff --git a/core/ServiceProviders/MinphpBridge.php b/core/ServiceProviders/MinphpBridge.php
index ccefd20..9367ff4 100644         
--- a/core/ServiceProviders/MinphpBridge.php                     
+++ b/core/ServiceProviders/MinphpBridge.php                   
@@ -197,9 +197,10 @@ class MinphpBridge implements ServiceProviderInterface
     {                                                                                       
         $this->container->set('minphp.session', function ($c) {
             // Determine the TTLs and which to set for the database session
+            Configure::load('blesta');                                                                          
             $cookieName = 'csid';               
             $ttls = [
-                'ttl' => 1800, // 30 mins                                               
+                'ttl' => (Configure::exists('Session.ttl')) ? Configure::get('Session.ttl') : 1800, // 30 minutes
                 'cookie_ttl' => 604800, // 7 days
             ];          
             $dbTtl = (isset($_COOKIE[$cookieName]) ? $ttls['cookie_ttl'] : $ttls['ttl']);

 

-Adam

 

[evolvewh]

  On 4/7/2017 at 11:36 PM, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Expand  

Is there a recommended workaround? We have clients typing long support ticket messages and the system times out and they lose everything they've entered.

[FloXera-Jose]

We also need to work in this issue.

We had a few clients complaining about the session time out before the ticket was finished...

[Tyson]

In the interim you can update:

/core/ServiceProviders/MinphpBridge.php

At the bottom of the file is a set of TTLs:

$ttls = [
    'ttl' => 1800, // 30 mins
    'cookie_ttl' => 604800, // 7 days
];

Change the 'ttl' value to the number of seconds a session should last, e.g.:

$ttls = [
    'ttl' => 14400, // 4 hours
    'cookie_ttl' => 604800, // 7 days
];

Making these configurable from the config file should occur in v4.2.

[evolvewh]

Thanks for this info Tyson and I've made the change.

[espservices]

  On 7/27/2017 at 5:53 PM, Tyson said:

In the interim you can update:

/core/ServiceProviders/MinphpBridge.php

At the bottom of the file is a set of TTLs:

$ttls = [
    'ttl' => 1800, // 30 mins
    'cookie_ttl' => 604800, // 7 days
];

Change the 'ttl' value to the number of seconds a session should last, e.g.:

$ttls = [
    'ttl' => 14400, // 4 hours
    'cookie_ttl' => 604800, // 7 days
];

Making these configurable from the config file should occur in v4.2.

Expand  

Im using 4.2.2. Are these options already on the config file? Whats the best way to increase the session time limit for both admin and clients? Thanks!

[Tyson]

  On 3/4/2018 at 2:38 AM, espservices said:

Im using 4.2.2. Are these options already on the config file? Whats the best way to increase the session time limit for both admin and clients? Thanks!

Expand  

Yes, they are already in the config file, however, there is no distinction made between admins or clients in the session TTL.

Open your config file /config/blesta.php and update the session/cookie TTL values:

// Length of time (in seconds) that a session will be valid for
Configure::set('Blesta.session_ttl', 1800); // 30 minutes
// Length of time (in seconds) that a cookie will be valid for
Configure::set('Blesta.cookie_ttl', 604800); // 7 days

 

[espservices]

  On 3/6/2018 at 12:52 AM, Tyson said:

Yes, they are already in the config file, however, there is no distinction made between admins or clients in the session TTL.

Expand  

Thanks for the info. Can you please consider on a future Blesta update to allow distinction between admin and clients? This is very usefull since in most cases the admins would require more session time than clients. 

I speak for myself where I want for admin Blesta session to be at least 8 hours, that is my normal work day. But clients should required less session time, since it's not needed and they care a lot less about security, accessing Blesta sometimes using public/friends computers, etc.. 

[Paul]

  On 3/6/2018 at 3:32 AM, espservices said:

Thanks for the info. Can you please consider on a future Blesta update to allow distinction between admin and clients? This is very usefull since in most cases the admins would require more session time than clients. 

I speak for myself where I want for admin Blesta session to be at least 8 hours, that is my normal work day. But clients should required less session time, since it's not needed and they care a lot less about security, accessing Blesta sometimes using public/friends computers, etc.. 

Expand  

Why not just check the "Remember Me" box, and logout when done?

[espservices]

  On 3/6/2018 at 9:56 PM, Paul said:

Why not just check the "Remember Me" box, and logout when done?

Expand  

Are you suggesting that for clients or admin? Anyway I think it's a simple change that your team can apply on a future update.

[Paul]

  On 3/6/2018 at 10:16 PM, espservices said:

Are you suggesting that for clients or admin? Anyway I think it's a simple change that your team can apply on a future update.

Expand  

You want to increase the admin session timeout right? There's a "Remember Me" checkbox on the login page, if you check it during login, then it won't log you out so soon. I just wonder why you don't use that, instead of increasing the session timeout? It might not be very involved to have a different session TTL for clients vs admins, I'm not sure, but so far I'm not convinced that it's something we should change. There's already an option for keeping the session open longer. What am I missing?

[espservices]

  On 3/6/2018 at 11:05 PM, Paul said:

What am I missing?

Expand  

Im just a newbie starting to using Blesta and expresing my opinions. Im not telling my solution is the right one.