Level 73
@lukegalea16 and once you log back in, does the session exists?
session('variable_name');
should not output anything if you've logged out. The session timeout is defined in your config/session.php file.
1 like
Nov 10, 2020
4
Level 2
Session Data Lifetime
Once a user logs in, a session is created. When I add session data such as the below example, what will be the lifetime of that data? After logging out I opened the session file and found that the data remained there. If a session expires will it still be available? If it will still be available it will still be unusable however if the user is logged out right?
session()->put('variable_name',4);
Level 56
When you log out the session id should be regenerated.
That means the session id sent as a cookie header should be a different one.
As it seems you are using the file driver for handling sessions you should have a new file related to new session id.
Laravel won't delete the old file when regenerating a session.
But Laravel will from time to time garbage collect session files not updated longer than the session expiration time.
That is what the 'lottery' config option in your ./config/session.php stands for, it means the chance a request will trigger the garbage collection procedure, which can make the request time a bit longer.
And that is why you still see old session files, but don't worry, with no session ids related to them they are just garbage awaiting to be collected.
You can see the garbage collection code here:
And the "lottery" handling here:
Level 2
Thank you! What if a session expires (the user may not necessarily log out)? Related session data will expire too?
Level 56
Yes. When a session expires, due to inactivity, the related data will be considered expired too and deleted on the next garbage collection cycle.
On the file session driver, the session file will be "touched" (update) on every request. So its timestamp is always current.
If a user left their computer on and kept logged in into your app, after the session becomes expired due to its expiration time limit, on the next request Laravel will check the file timestamp and will generate a new session for that request, thus invalidating the current one.
Please or to participate in this conversation.