I have a couple of basic questions on Laravel's session.
How is Laravel's session timeout calculated? Is it based on when the session started, or is it based on when the last user action was? I'm noticing that sometimes I'll be logged into my site, and clicking, and suddenly I need to log in again.
What is the correct way to adjust the settings? Is it just going into php.ini?
Is there a place in the documentation that goes into more detail? Currently this is the only thing I could find: https://laravel.com/docs/master/session
It is only about how to use and access the session, but not how to configure it.
Thanks for the quick answer. Just a follow-up: does each session have a unique CSRF token, and does a CSRF token correspond to one session? In other words, can I expect the CSRF token and each session to have a one-to-one relationship?
Session lifetime is based on when the session started, and you can adjust the lifetime in config/session.php:
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 120,
'expire_on_close' => false,
I was looking at the docs and wondering, does regenerating the session ID reset the lifetime of a session?
In general yes, but you shouldn't take it for granted. Just as a check (I will have to test it myself, as I have heard about old data being migrated in some cases): have something with a CSRF token, then log in the user, log out, log in again. Does the token change?
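An added example (not from the thread and not Laravel's own code) contrasting the two readings of 'lifetime' raised in the question: an idle timeout, as the quoted config comment words it, versus an absolute limit counted from login. The function name, the request timeline and the model itself are constructed for illustration.

```php
<?php
// Added illustration, not Laravel source code. It models two timeout rules
// so the difference shows up on one request timeline.

const LIFETIME_MINUTES = 120; // same value as 'lifetime' => 120 in the thread

/**
 * Replay request times (minutes since login) and report, per request,
 * whether the session was still valid when that request arrived.
 *
 * $sliding = true  : window measured from the previous request (idle timeout)
 * $sliding = false : window measured from login (absolute timeout)
 */
function replayRequests(array $requestMinutes, int $lifetime, bool $sliding): array
{
    $reference = 0; // moment the expiry window is currently measured from
    $results = [];

    foreach ($requestMinutes as $t) {
        $alive = ($t - $reference) <= $lifetime;
        $results[$t] = $alive ? 'ok' : 'expired, login required';

        // An expired session is replaced by a new one at re-login; under
        // the idle rule every accepted request also restarts the window.
        if (!$alive || $sliding) {
            $reference = $t;
        }
    }

    return $results;
}

// Constructed timeline: a user clicking at these minutes after login.
$timeline = [30, 100, 200, 310, 450];

foreach ([true, false] as $sliding) {
    echo $sliding ? "Idle timeout:\n" : "Absolute timeout:\n";
    foreach (replayRequests($timeline, LIFETIME_MINUTES, $sliding) as $t => $state) {
        printf("  t=%3d min  %s\n", $t, $state);
    }
}
```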