
Resolved Cookie/Session TimeOut for client websites

TeamWalther-IT

New Pleskian
Hi,

I managed to change the Session-TimeOut in Plesk-Panel successfully. But I am not able to change the Session TimeOut for any of my client websites. I tried to add the following parameters to the local PHP settings of the client website:

session.gc_probability = 1
session.gc_divisor = 1
session.gc_maxlifetime = 21600
session.cookie_lifetime = 21600

The website is running PHP 7.2.14 (FPM). The server is running Debian.

phpinfo() shows the cookie lifetime of 21600, but different content management systems logged off after 10 minutes.

Any suggestions?

regards Torsten
 
Ok, I managed to get it working for me now.

I changed the default value of 1440 (24 minutes) to 21600 (6 hours) for "session.gc_maxlifetime" in the following php.ini files :
/etc/php5/apache2/php.ini
/etc/php5/cgi/php.ini
/etc/php5/cli/php.ini
/etc/php5/fpm/php.ini

On Debian / Ubuntu there is a cronjob that removes all sessions in the standard session save path which are older than the max value of "session.gc_maxlifetime" in all php.ini files... => /etc/cron.d/php5 ... Unfortunately, this script only considers the standard php.ini files and ignores the manually added additional parameters of client sites in PHP. The cronjob runs every 30 minutes and by default deletes sessions that are older than 24 minutes. After changing from 1440 to 21600, the sessions will now be deleted after 6 hours.

For security reasons and to reduce the chance of session hijacking, it would be better to leave the standard value of 1440 unchanged and modify the "session.save_path" parameter explicitly for one client website. If the sessions are stored in a different directory than the standard one, they will not get deleted by that cronjob. You can then add the following directives, for example, as additional PHP parameters to that website:

session.gc_probability = 1
session.gc_divisor = 1
session.gc_maxlifetime = 21600
session.cookie_lifetime = 21600

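If you go with this option, you have to handle the cleanup of the separate session.save_path on your own, for example with a script like this:
# 360 minutes matches session.gc_maxlifetime = 21600 seconds; -r skips rm when nothing is found
find /path/to/sessions -type f -cmin +360 -print0 | xargs -0 -r rm -f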

regards Torsten
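
An added example, not part of the original post: a cleanup helper for a per-site session.save_path that derives the age threshold from session.gc_maxlifetime (21600 seconds here) and removes only PHP session files (sess_*). The function names clean_sessions and demo are hypothetical, the sample files are constructed, and GNU find and touch (as shipped with Debian) are assumed.

```shell
#!/bin/sh
# Added example: cleanup for a per-site session.save_path (hypothetical helper names).

# clean_sessions DIR MAX_LIFETIME_SECONDS
# Deletes PHP session files (sess_*) in DIR whose mtime is older than the
# given lifetime and prints how many were removed.
clean_sessions() {
    dir=$1
    max=$2
    # Lifetime must be a positive integer number of seconds.
    case $max in
        ''|*[!0-9]*) echo "invalid lifetime: $max" >&2; return 2 ;;
    esac
    [ "$max" -gt 0 ] || { echo "invalid lifetime: $max" >&2; return 2; }
    # Refuse anything that is not a real directory (no symlinks, no /).
    if [ ! -d "$dir" ] || [ -L "$dir" ] || [ "$dir" = "/" ]; then
        echo "refusing to clean: $dir" >&2
        return 2
    fi
    # find -mmin counts minutes; round up so no session is removed early.
    minutes=$(( (max + 59) / 60 ))
    # Only regular files named sess_* directly inside DIR are touched.
    find "$dir" -maxdepth 1 -type f -name 'sess_*' -mmin "+$minutes" \
        -print -delete | wc -l | tr -d ' '
}

# demo: builds a constructed session directory and cleans it with the
# 21600-second lifetime from the thread. Prints "<removed> <remaining>".
demo() {
    tmp=$(mktemp -d) || return 1
    touch -d '7 hours ago' "$tmp/sess_expired"   # older than 6 hours
    touch -d '1 hour ago'  "$tmp/sess_active"    # still within lifetime
    touch -d '7 hours ago' "$tmp/upload.tmp"     # old, but not a session file
    removed=$(clean_sessions "$tmp" 21600)
    remaining=$(find "$tmp" -type f | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$removed $remaining"
}
```

Run from cron as the site's system user, the helper keeps the longer lifetime confined to the one site that needs it while the default 1440-second cleanup stays in force everywhere else.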
 