PHP session configuration

SYSTEM INFORMATION
OS type and version Debian 10
Virtualmin version 7.3-1

What is the correct configuration of php session values to get them to work “normally”.

We recently moved servers, previously we were on cpanel and we’ve been having problems with sessions ever since. By “normally”, I mean a session should persist until approx 24 minutes of inactivity has occurred and then it should expire.

What’s happening with the default settings is that for me, my sessions never or rarely seem to expire. I can leave my browser open on a Friday, come back on Monday and I’m still logged in. Whereas what my boss was reporting was being logged out in the middle of working. I just confirmed this with the logs too as my boss’s boss was reviewing some work and was logged out after around 2 minutes of inactivity.
I’ve changed the settings to: allow cookies, always use cookies, cookie lifetime forever and max session lifetime to 1440 seconds. I think its the cookie lifetime forever that prevents the users getting logged out in the middle of doing stuff but I’m still experiencing staying logged in basically forever.

I’m seeing session files on the server that are a week old (but that also seemed to include the cookie for my boss who got logged out in the middle of working). The week old session files seems to be deliberate - the oldest files are from the 11th November, a couple of days ago the oldest was the 9th.

We’re running php 7.3 as fCGId. I’ve checked the probability is set to 1 but I did notice the divisor was 1000, I’ve changed it to 100 to see if that helps as we’re not a high traffic site (and with fCGId, I assume that’s just that individual site that it applies to, most of our sites are low volume private or semi-private. We get crawlers of course but we have about 5 users on one site and maybe 20-30 on another

I’ve tried playing with the settings but its very slow to debug and I can’t replicate the issue of being logged out while working. So I was hoping someone knew what the correct settings were.

1 Like

I have exactly the same problem, sessions never expire