How to prevent session/cookie refresh in Laravel?

Question

I searched everywhere but could not find how to prevent the session(cookie?) from getting refreshed in Laravel.

I'm now migrating my website from Codeigniter to Laravel.

In Codeigniter, if you set the session expire time to 1 hour, the session will expire in one hour even if you're actively opening the website or not.

In Laravel, the session is always getting refreshed everytime I open a page.

For example, if I login at 00:20 and set the expiration to 1 hour(01:20), and then I open a page at 00:50, the expiration time will be refreshed to 01:50.

My question is, how to prevent this behavior in Laravel? I want it to stay at 01:20 like Codeigniter does.

Answer 1

The session config can you find in config/session.php.

'lifetime' => 120, // in minutes, default 2 hours

'expire_on_close' => false,

That's all. Below the explanation about session logic.

Working of Sessions

The session handling of Laravel is full logic. Let's me give an example:

• I open page A at 5:00 PM. Session will be set for 20 minutes. It expires 5.20 PM, only if there's no activity by the user!
• After 10 minutes, I open page B. The session refreshes, the expiration is 'now' + 20 minutes
• Understand? After each activity (each new request) by the user, the session refreshes / extends

Security

It's very secure for you that Laravel refreshes the session! It's more difficult to 'catch' the session by attackers!

So I will recommend you the Laravel approach instead of the (outdated) CodeIgniter approach.