Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello
I try to change the session_lifetime value in .env file :
SESSION_LIFETIME=2
in config / session :
'lifetime' => env('SESSION_LIFETIME', 120),
'expire_on_close' => false,
after changing the value in .env I :
sudo php artisan cache:clear
sudo php artisan optimize:clear
To be sure that this value has been changed, from Tinker I :
Psy Shell v0.11.5 (PHP 7.4.3-4ubuntu2.16 — cli) by Justin Hileman
>>> Config::get('session.lifetime');
=> "2"
>>>
It seems everything okay from my side but I don't know why the session lifetime is not working!
try php artisan config:clear to clear the config cache.
And what do you mean exactly with: "session lifetime is not working". Are you trying to logout a user after 2 minutes of inactivity? If so; make sure when you are testing there is not some ajax call being done every X seconds or so that keeps the session alive.
@click I already run it but it changes nothing
@godzilaravel you understand that the current page will not close or redirect away (to /login) after a period of inactivity (when the Session expires), right?
@tykus Yes indeed and when I refresh the page normally if the session is expired I should be redirected to the login page , right ? but in may case I still authenticated like nothing happened !
Do you have any sort of javascript doing ajax requests to the backend ? Everytime you hit the backend the session timeout is renewed
found a simple way to test it. Go to the login page while the value is set to 1. Wait a minute and try logging in. You should get CSRF expired error
@Sinnbeck I cleared the session from the browser (chrome) but I still have this issue , what I remarked is the Expires / Max-Age is not stable and keeps growing up automatically !(maybe that's why it's not expired )
found a simple way to test it. Go to the login page while the value is set to 1. Wait a minute and try logging in. You should get CSRF expired error
when I did this it returns me: 419 page expired for the first time On the second try I can login , but always same issue with session it's not expired !
@GodziLaravel Then it works :) After login, open F12 and select Network, and click "All". Does your app send a request every x seconds ?
@Sinnbeck yes in deed there is a specific route I use every 1.5 seconds:
intervalID = setInterval(function () {
axios.get(`/idle`)
.then(response => {
if (response.status === 200) {
document.getElementById('sessionExpiredLaunchClose').click();
}
}).catch(error => {
if (error.response.status === 401) {
document.getElementById('sessionExpiredLaunchOpen').click();
}
})
}, 15000);
}
@GodziLaravel That refreshes the session so it never expires
@Sinnbeck Thanks very very much
@Sinnbeck Do you know how to set the timeout for session irrespective of any ajax or another request within that period?
@imhaggarwal You set the session duration as described above. If you want to have ajax messages going that don't reset the timeout you will have to send these via an unauthenticated, stateless connection.
Please or to participate in this conversation.