Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
3.3.28, 4.3.1
Description
You can specify lifetime for the session cookie using setting cookie_lifetime
When storing session in for instance Redis using Ibexa\Bundle\Core\Session\Handler\NativeSessionHandler, the item will get a TTL in redis. However, PHP will use the php.ini setting session.gc_maxlifetime when setting that TTL value. So there is no connection between the cookie_lifetime and that Redis TTL.
The NativeSessionHandler only have options to manipulate the php.ini settings session.save_path and session.save_handler. It also needs to be able to manipulate session.gc_maxlifetime