Increase Session Timeout?

[EmptyMind]

I understand the need for a 'reasonable' session timeout but I don't want to have to re-login 10 times a day either. (Especially annoying with OTP enabled)

 

Is there a way that I can increase the session timeout from the default? At least for the admin side? I can see clients not needing more than 30 minutes of inactivity.. but us admins.. we are in there all day.. every day.. going back and forth between working on stuff and dealing with clients.. I'd like to have a little more leeway (Especially during development).

 

Currently I go and work on something else for a little while.. an hour.. for example.. go back to test what I'm working on.. re-login required. 

 

Quite annoying. I can see the sessions table updating with every access, updating it to +30Mins. 

[Paul]

config/session.php

 

Configure::set("Session.ttl", 1800);

 

Change to the value you want. It's for the entire system, and applies to both clients and admins.

[EmptyMind]

Just for my reference.. is this going to be overwritten during updates?

[Paul]

Just for my reference.. is this going to be overwritten during updates?

 

Yes it would. This file won't change often, but you'll want to merge the changes if there are any in a future release. If there are no changes, you can simply forget to upload it.

[EmptyMind]

Noted. TY. 

[evolvewh]

On 9/17/2013 at 3:13 PM, Paul said:

config/session.php

 

 

Change to the value you want. It's for the entire system, and applies to both clients and admins.

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

[Michael]

25 minutes ago, evolvewh said:

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

Still there for me.

[Adam]

32 minutes ago, evolvewh said:

Where has this value moved to in 4.0? I have clients being timed out before they can complete a detailed support ticket response which doesn't get sent after.

It does appear to be removed from the defaults.

The good news is the code (components/session/session.php) still checks to see a Configuration value of 'Session.ttl' exists. Just add that to your config (config/blesta.php) and you should be good to go.

Configure::set('Session.ttl', 9000);

-Adam

 

[evolvewh]

43 minutes ago, Licensecart said:

Still there for me.

Take a look at a fresh download of 4.0 and you'll see that config/sessions.php is gone. If you have it, it's from the 3.6.2 install.

[evolvewh]

40 minutes ago, Adam said:

It does appear to be removed from the defaults.

The good news is the code (components/session/session.php) still checks to see a Configuration value of 'Session.ttl' exists. Just add that to your config (config/blesta.php) and you should be good to go.

Configure::set('Session.ttl', 9000);

-Adam

 

Thanks for the help Adam. I've added this to config/blesta.php now.

[Tyson]

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

[evolvewh]

20 hours ago, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Is there a temporary solution to increase the amount of time that a login is active? We have clients that are typing a long support ticket (usually for website design / update tickets) and all of their message is lost by the time they are ready to click submit.

[Adam]

21 hours ago, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Doh!

54 minutes ago, evolvewh said:

Is there a temporary solution to increase the amount of time that a login is active? We have clients that are typing a long support ticket (usually for website design / update tickets) and all of their message is lost by the time they are ready to click submit.

 

Apply this patch file. It should work. It will attempt to load from config/blesta.php if a key named 'Session.ttl' exists. Otherwise, defaults to 30 minutes.

diff --git a/core/ServiceProviders/MinphpBridge.php b/core/ServiceProviders/MinphpBridge.php
index ccefd20..9367ff4 100644         
--- a/core/ServiceProviders/MinphpBridge.php                     
+++ b/core/ServiceProviders/MinphpBridge.php                   
@@ -197,9 +197,10 @@ class MinphpBridge implements ServiceProviderInterface
     {                                                                                       
         $this->container->set('minphp.session', function ($c) {
             // Determine the TTLs and which to set for the database session
+            Configure::load('blesta');                                                                          
             $cookieName = 'csid';               
             $ttls = [
-                'ttl' => 1800, // 30 mins                                               
+                'ttl' => (Configure::exists('Session.ttl')) ? Configure::get('Session.ttl') : 1800, // 30 minutes
                 'cookie_ttl' => 604800, // 7 days
             ];          
             $dbTtl = (isset($_COOKIE[$cookieName]) ? $ttls['cookie_ttl'] : $ttls['ttl']);

 

-Adam

 

[evolvewh]

On 4/7/2017 at 5:36 PM, Tyson said:

v4 doesn't observe the Session.ttl config value. It is now set in the bridge service provider. It will probably be back as a config value somewhere in the future.

Is there a recommended workaround? We have clients typing long support ticket messages and the system times out and they lose everything they've entered.

[FloXera-Jose]

We also need to work in this issue.

We had a few clients complaining about the session time out before the ticket was finished...

[Tyson]

In the interim you can update:

/core/ServiceProviders/MinphpBridge.php

At the bottom of the file is a set of TTLs:

$ttls = [
    'ttl' => 1800, // 30 mins
    'cookie_ttl' => 604800, // 7 days
];

Change the 'ttl' value to the number of seconds a session should last, e.g.:

$ttls = [
    'ttl' => 14400, // 4 hours
    'cookie_ttl' => 604800, // 7 days
];

Making these configurable from the config file should occur in v4.2.

[evolvewh]

Thanks for this info Tyson and I've made the change.

[espservices]

On 27/07/2017 at 6:53 PM, Tyson said:

In the interim you can update:

/core/ServiceProviders/MinphpBridge.php

At the bottom of the file is a set of TTLs:

$ttls = [
    'ttl' => 1800, // 30 mins
    'cookie_ttl' => 604800, // 7 days
];

Change the 'ttl' value to the number of seconds a session should last, e.g.:

$ttls = [
    'ttl' => 14400, // 4 hours
    'cookie_ttl' => 604800, // 7 days
];

Making these configurable from the config file should occur in v4.2.

Im using 4.2.2. Are these options already on the config file? Whats the best way to increase the session time limit for both admin and clients? Thanks!

[Tyson]

On 3/3/2018 at 6:38 PM, espservices said:

Im using 4.2.2. Are these options already on the config file? Whats the best way to increase the session time limit for both admin and clients? Thanks!

Yes, they are already in the config file, however, there is no distinction made between admins or clients in the session TTL.

Open your config file /config/blesta.php and update the session/cookie TTL values:

// Length of time (in seconds) that a session will be valid for
Configure::set('Blesta.session_ttl', 1800); // 30 minutes
// Length of time (in seconds) that a cookie will be valid for
Configure::set('Blesta.cookie_ttl', 604800); // 7 days

 

[espservices]

2 hours ago, Tyson said:

Yes, they are already in the config file, however, there is no distinction made between admins or clients in the session TTL.

Thanks for the info. Can you please consider on a future Blesta update to allow distinction between admin and clients? This is very usefull since in most cases the admins would require more session time than clients. 

I speak for myself where I want for admin Blesta session to be at least 8 hours, that is my normal work day. But clients should required less session time, since it's not needed and they care a lot less about security, accessing Blesta sometimes using public/friends computers, etc.. 

[Paul]

18 hours ago, espservices said:

Thanks for the info. Can you please consider on a future Blesta update to allow distinction between admin and clients? This is very usefull since in most cases the admins would require more session time than clients. 

I speak for myself where I want for admin Blesta session to be at least 8 hours, that is my normal work day. But clients should required less session time, since it's not needed and they care a lot less about security, accessing Blesta sometimes using public/friends computers, etc.. 

Why not just check the "Remember Me" box, and logout when done?

[espservices]

18 minutes ago, Paul said:

Why not just check the "Remember Me" box, and logout when done?

Are you suggesting that for clients or admin? Anyway I think it's a simple change that your team can apply on a future update.

[Paul]

46 minutes ago, espservices said:

Are you suggesting that for clients or admin? Anyway I think it's a simple change that your team can apply on a future update.

You want to increase the admin session timeout right? There's a "Remember Me" checkbox on the login page, if you check it during login, then it won't log you out so soon. I just wonder why you don't use that, instead of increasing the session timeout? It might not be very involved to have a different session TTL for clients vs admins, I'm not sure, but so far I'm not convinced that it's something we should change. There's already an option for keeping the session open longer. What am I missing?

[espservices]

13 minutes ago, Paul said:

What am I missing?

Im just a newbie starting to using Blesta and expresing my opinions. Im not telling my solution is the right one.