Admin Session Lifetime ignored

[storepeinture]

This is adding to https://github.com/magento/magento2/issues/9372.

Preconditions

Magento 2.1.8 installed

Steps to reproduce

1. Login to Admin Backend with full admin rights
2. Go to Stores > Settings > Configuration > Advanced > Admin
3. In the Security Tab go to Admin Session Lifetime (seconds)
4. Enter the following value: 86400

Expected result

The admin backend should timeout after a period of inactivity of 24 hours (= 86400 seconds). During these 24 hours there should be no backend login required, when trying to access backend content.

Actual result

1. After about 15 minutes of inactivity, the admin session is closed
2. A new login is required and all other open backend windows are not valid any longer
3. Unsaved data is lost
4. The 86400 seconds are ignored
5. However, when going to Stores > Settings > Configuration > Advanced > Admin the value for Admin Session Lifetime (seconds) is correct with 86400. This value is simply ignored.

[dmitriyprime]

Hi, @storepeinture. I cannot reproduce this issue neither on 2.1.7 nor on 2.1.8 version of Magento CE. Did you flush the cache of Magento after changing the configuration settings?

[storepeinture]

Yes, I did flush after changing the configuration settings. It just does not want to accept the changes. I was hoping that a magento update would help ... but unfortunately, no success, so far.

[magento-engcom-team]

@storepeinture, thank you for your report. We were not able to reproduce this issue by following the steps you provided. If you'd like to update it, please reopen the issue.

[storepeinture]

Ok, thank you for looking into it.

Even though you cannot recreate this issue, it still persists, even after several Magento updates etc.

So I just write this message here, in case somebody else has this issue and has found a solution: Please let me know what has helped you, it's really driving me nuts. I can't look around for more that 15 minutes without all my work being lost ...

What could be causing this issue, if it's not a bug in Magento 2?

[ZenDevMaster]

We are also experiencing this issue. Currently we are on 2.1.9 however it has persisted through many updates.

The value of "admin/security/session_lifetime" in our core_config_data table is 36000. However, admin sessions timeout after about 15 minutes as well.

Is there another PHP setting that can be causing session timeout?

[storepeinture]

This problem persists for me, as well. It seems that there must be a setting or something else that overrides the session_lifetime. Is anybody a professional Magento developer or has anybody yet hired a developer to find the reason and solve this issue. Any help or suggestion would be HIGHLY appreciated.

[storepeinture]

I might have found the place where we can change the Admin Session_Lifetime manually.

In Magento 2.2.1 (Probably for any newer version of M2)

1. go to this folder: vendor/magento/module-encryption-key/etc/

2. Edit the file: config.xml You will find this code: <default> ......<admin> ............<security> ..................<session_lifetime>900</session_lifetime> ............</security> ......</admin> </default>

3. Change the value 900 to whatever number of seconds suits you

4. I ran a Force Deploy afterwards I'm not that savvy, so this might be bullshit. I only do that because deploying static files is regularly suggested by extension developers after you make changes in the vendor/* files. I don't know what it does, but so far it hasn't done any harm either. But I thought, the new info has to get into the system somehow! So here is what I did: bin/magento setup:static-content:deploy -f

Final thoughts on this

• I believe we were right about the 15 minutes - which is exactly those 900 seconds
• This was months of trial, error and frustration, always making sure to click something in Admin Backend every 10 minutes in order to not lose all open tabs
• But last night, I found this solution, and today, I went out for lunch with friends and did some grocery shopping - and when I came back, my session was still alive 😄
• I hope that this will work for you guys as well - please let me know!

[paniciu]

We have the same problem on 2.1.8 and 2.2.0, and the solution from @storepeinture works fine. So a big thanks !

[magento-engcom-team]

@storepeinture , @paniciu , We cannot reproduce this issue as described. Please provide the detailed steps we must follow to reproduce this issue. In addition, identify the web server you are running, the versions of PHP and MySQL, and any other information needed to reproduce your issue.

[paniciu]

Server info: Centos 7.4 PHP version: 7.0 Magento 2.2.0

In Stores > Settings > Configuration > Advanced > Admin > Security, I changed Admin Session Lifetime from 900s (default value) to 28800s (8 hours). Then used Cache Flush. In admin the value is saved but it doesn't work, after 15 min it logs me out.

Tested it on Firefox 57.0 (default settings) and Chrome 62.0 (default settings).

[storepeinture]

Server System: Linux PHP Version: 7.0.25 Magento Version: 2.2.1

The problem appears to happen to some other users as well. This issue has been reported multiple times. But it only happens to some people ... I don't know why or what caused the issue. It just never worked for me. Until I found the possibility to write my desired value hard into the config.xml file.

If you want to know how to recreate the problem, please follow the steps of the first post. However this will not help you, because your installation seems to work proper. But for some people, this is an issue, and they certainly can reproduce the issue.

Maybe somebody else remembers exactly which events led to the defect of this function.

[magento-engcom-team]

@storepeinture, thank you for your report. We were not able to reproduce this issue by following the steps you provided. If you'd like to update it, please reopen the issue. We tested the issue on 2.3.0-dev, 2.1.10, 2.2.1

[kfriend]

I have been experiencing a similar issue. The Magento install in question ignores the session lifetime value, across different hosting environments and OSes. We have the setting at 259200, but sessions end after an hour or so (don't know the exact timing).

@storepeinture what web server are you running?

[dakira]

I have tried multiple different hosting environments. The only thing they all have in common, is that they're based on Ubuntu 16.04. You can start from a default digitalocean image and minimally configure it to be able to run magento. It will have the exact same problem.

[storepeinture]

Hello @kfriend , sorry for my late answer. My server environment (operating system) is CentOS 6.4

For whatever reason this is an issue, it's not something that only a few of us have. There are other discussions on the same topic elsewhere.

IMHO it should be adressed by Magento 2 developers. Maybe, we can create an environment, where a clean installation of Magento 2 causes this error. So it's easier to reproduce and understand.

[kfriend]

My issue was caused by PHP's session.gc_maxlifetime setting. Apparently Magento makes use of PHP's native sessions, at least is some capacity. The default value is 1440 (24mins). Pretty sure PHP's session are cleared based on probability, which would lead to the inconsistent timeout lengths that I experienced (i.e. not 24 mins every time).

It would be nice if Magento's config page checked the session.gc_maxlifetime value, and indicated if it is less than the admin timeout.

@storepeinture My guess is that this setting may be the cause of many of these timeout issues, but probably not all. I have not seen Magento's documentation mention this setting, but I could have missed something.

[garyhiggins1970]

I had the same problem and my issue was also caused by PHP's session.gc_maxlifetime setting. I upped it to 7 days and i no longer get time out of the admin side.

[agata-maksymiuk]

@kfriend @garyhiggins1970 That's the real solution. Works for me too. Thank you guys.

[jason-zz]

@kfriend and @garyhiggins1970 solution works great! Thank you.

[storepeinture]

@kfriend @garyhiggins1970 Thank you that did it for me as well!

I added this line to the php.ini : session.gc_maxlifetime = 86400

This solution works.

[jadrew1]

Was this an issue that you as a single user @storepeinture were facing, or were there multiple admins who had the same issue?

I am having this issue now and my webmaster insists that if it were caused by the PHP settings, everyone would be having the issue and not just me.

[dakira]

@jadrew1 Magento uses PHPs default settings. If they can't be changed, then yes, everyone will have this issue with Magento. Setting session.gc_maxlifetime = 86400 is the correct solution.

[jadrew1]

Thank you @dakira. I should have added that I'm the only person at my workplace having this issue, which is why the webmaster doesn't believe it has to do with the PHP.

[MagePsycho]

Same case for Magento 2.1.1.
Had to fix with php.ini

session.gc_maxlifetime = 86400

[Raffail]

It seems the problem is due to permissions - session.gc_maxlifetime is stored in php.ini that is owned by other than Magento2 system user, and Magento saves new admin session lifetime in its database, but can not save it into (root in my case) php.ini. I don't know why local php.ini override does not work.

[mstolnicki]

I don't have access to my php.ini file, so I updated my .htaccess file with: php_value session.gc_maxlifetime 9000

[cptX]

Well this is issue is still alive and kicking, in Magento 2.4.5 in ubuntu server. To solve it I wouldn't like to modify the php.ini file because this would affect the whole server. Isn't there any solution only in Magento configuration? Modifying the php.ini globally doesn't look like a good solution.

[cptX]

Can we please reopen this important issue???

[jainajay4444]

Hi Why was this ticket closed without a proper solution? I have changed session.gc_maxlifetime to 86400, but I am still being logged out after just a few minutes.