How to extend session cookie lifetime in Symfony?

8
votes

On accessing session data on the server side, its modified_time gets set, therefore extending its expiration time into the future.

However, this does not happen for PHPSESSID cookie. While session data expiration on the server side is extended, the cookie expiration is not. If the cookie expires, the user will lose his session - he will have no session ID to give when sending a request.

Is there any way to tell Symfony\Component\HttpFoundation\Session\Session to extend the cookie expiration date?

  • Can this be done for the same session ID? Or will we have to regenerate it (seems inefficient to do for many users X many requests)?
  • Should I set it myself manually (disregarding the OOP principles)

I've found $request->getSession()->getMetadataBag() and tried setting stampNew(), but this does not seem to interact with the PHPSESSID cookie.

1
phpsessioncookiessymfony
I thought the PHPSESSID cookie was set as a session cookie meaning that the browser would clean it up when it was closing. Never heard of it being cleaned up before the browser session was done. - apokryfos
I don't need to delete it, I need to extend its expiration date. It won't be cleared on closing the browser - the cookie will live for much longer (kind of like REMEMBERME, I'm guessing) - gskema
What I'm saying is (based on the manual the default duration of the session is "as long as the browser is open"). Now if a browser does not do a cleanup of session cookies and keeps them a bit longer (which is often the case) is not based on default PHP configuration. At any rate a PHP session is not meant to persist past a browser session, perhaps you could use a different session manager and your own custom sessionid cookie to persist the session for longer. - apokryfos

1 Answers

1
votes

You can change in the config.yml files under the session key, as example:

# session configuration
session:
    cookie_lifetime:    3600

From the doc:

cookie_lifetime

type: integer default: null

This determines the lifetime of the session - in seconds. The default value - null - means that the session.cookie_lifetime value from php.ini will be used. Setting this value to 0 means the cookie is valid for the length of the browser session.

More info in the doc here