Level 67
Not really, especially with csrf.
Jul 15, 2018
2
Level 1
Any risks of increasing session lifetime?
After installing Laravel 5, the session lifetime is set to 120 minutes:
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => env('SESSION_LIFETIME', 120),
I would like to increase it to, let's say, 360 minutes or more but I wonder if there is some reason why I should avoid long session lifetime... Is there any risk or disadvantage?
Level 73
The only risk that I see is if you hit the session limit for the webserver the users might face issues logging in.
Please or to participate in this conversation.