How to change the lifetime of the session cookie in Symfony 4 (session expires too soon)

Surely one of the first problems that i noticed when i started working with Symfony 4, was the default lifetime of the session cookie, which by default doesn't last more than 10 minutes approximately. You can easily change the duration of the cookie with the cookie_lifetime setting, however you need to know that you need to configure as well the handler_id of Symfony, or you will be working with the default PHP session mechanism, which sometimes isn't the best at all, at least when you work with Symfony.

As explained in the official documentation of Symfony:

Setting the handler_id config option to null means that Symfony will use the native PHP session mechanism. The session metadata files will be stored outside of the Symfony application, in a directory controlled by PHP. Although this usually simplify things, some session expiration related options may not work as expected if other applications that write to the same directory have short max lifetime settings.

The best solution is to use the native file session manager of Symfony, you will basically store the sessions in the /var/sessions/ directory and that's it, the lifetime option will work again. You can do this quickly modifying your framework.yaml file in the session block like this:

# project/config/framework.yaml
framework:

    session:
        handler_id: session.handler.native_file
        save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
        # 2 Days lifetime (172800 seconds)
        cookie_lifetime: 172800
        cookie_secure: 'auto'
        cookie_samesite: 'lax'

After saving changes to this file, clear the cache of your project and proceed to test if your cookie lasts the specified time.

Happy coding !

This could interest you

Become a more social person