Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello Everybody,
I want to override default session timeout for my laravel application dynamically from a user controlled form. I have been using logic like:
Config(['session.lifetime' => GeneralSetting::first()->session_timeout]);
in AppServiceProvider.php and also in LoginController.php, but to no avail.
Kindly guide if I am doing it in the right way.
Thankyou.
Take a look at the solution here:
https://laracasts.com/discuss/channels/laravel/dynamic-session-lifetime
So you might need a middleware to do the job.
Or this here
https://stackoverflow.com/questions/45247239/laravel-customized-session-lifetime-at-user-level
@nakov It doesn't seem to work for me. Here's what I did:
namespace App\Http\Middleware;
use Closure;
class ExtendSession
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$lifetime = 2;
config(['session.lifetime' => $lifetime]);
return $next($request);
}
}
\App\Http\Middleware\ExtendSession::class,
\Illuminate\Session\Middleware\StartSession::class,
SESSION_LIFETIME=1
'lifetime' => env('SESSION_LIFETIME', 120),
Route::group(['middleware' => ['web', 'activity','forcelogin']], function () {
Route::post('users/update',['uses'=>'UsersManagementController@update']);
});
Am I missing something or doing something wrong. Session doesn't get time out.
Thankyou.
Hello Everybody,
I solved the issue using the below implementation:
I am using some global settings to fetch some values.
<?php
namespace App\Http\Middleware;
use Closure;
use Auth;
use Session;
use App\Models\User;
use App\Models\GeneralSetting;
class ExtendSession {
/**
* Time for user to remain active, set to 3600secs( 60minutes )
* @var timeout
*/
protected $timeout = 3600;
private $sessionMessage = "";
private $generalsettings;
public function __construct() {
$this->generalsettings = GeneralSetting::first();
date_default_timezone_set($this->generalsettings['timezone']);
$this->redirectUrl = '/';
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if(Auth::check()) {
$user = Auth::user();
$current_date_time = date("Y-m-d H:i:s");
$currentTimestamp = strtotime($current_date_time);
$last_activity = strtotime($user->last_activity);
if(strcmp($this->getTimeOut(),"Never") != 0 && ($currentTimestamp - $last_activity) > $this->getTimeOut()) {
$this->sessionMessage = "Session Time Out";
}
if(!$request->Ajax()) {
User::where(['id'=>$user->id])->update(['last_activity'=>$current_date_time]);
}
if($this->sessionMessage != "") {
Session::put('status',$this->sessionMessage);
if($request->Ajax()) {
return Response()->json(["status" => $this->sessionMessage]);
}
Auth::logout();
return redirect()->to($this->getRedirectUrl());
}
}
return $next($request);
}
/**
* Get timeout from general settings session_timeout column, if it's not set/empty, set timeout to 60 minutes
* @return int
*/
private function getTimeOut()
{
$sessionTimeoutValue = GeneralSetting::first()->session_timeout;
if($sessionTimeoutValue == null) {
return $this->timeout;
} else {
return strcmp($sessionTimeoutValue,"Never") == 0 ? "Never" : $sessionTimeoutValue * 60;
}
}
/**
* Get redirect url from env file
* @return string
*/
private function getRedirectUrl()
{
return (env('SESSION_TIMEOUT_REDIRECTURL')) ?: $this->redirectUrl;
}
}
Hope you guys find it useful.
Please or to participate in this conversation.