Closed madmatt closed 6 years ago
This still won't work on environments that have a cron that clears sessions (as they usually check what's set in php.ini for gc_maxlifetime
) - debian does this. We should ensure documentation indicates that php.ini configuration should be correct in those cases.
Great point, I forgot that crons do it that way, that's rather unfortunate... it would be great to have a way to specify this somehow, but that's beyond the scope of what cwp-core
can do, so maybe the best bet is to just change the value in config.yml
to be 1440 to match with the defaults.
It's also important to make sure people don't have the impression that increasing this value will do anything if the php.ini setting isn't changed.
Raised some PRs at #47 and silverstripe/cwp#148
https://github.com/silverstripe/cwp-core/blob/master/_config/config.yml#L12 sets the session timeout for SilverStripe sessions to be one hour (3600 seconds), however PHP settings on CWP itself are not changed from the default value of 24mins (1440 seconds).
This means that while we set sessions and their cookies to expire after an hour, PHP is cleaning up these sessions after just 24mins, meaning that nobody gets to use a session with more idle time than 24mins.
It would make sense to set this value to 1440 to match PHP settings so it's not confusing to users.
Additionally, we could add documentation around how to increase this value, which consists of doing two things:
php_value session.gc_maxlifetime 7200
to .htaccessPRs