Posted by kbahey on 

Expires rows from the session table older than a certain time.

Background

By default, Drupal ships with a session expiration time of just over 23 days, using this directive in settings.php:

<?php
ini_set('session.cookie_lifetime'2000000);
?>

However, for this to work automatically, it requires PHP's garbage collection to be configured correctly.

Since some distributions, e.g. Debian and Ubuntu do not ship with PHP defaults that triggers PHP garbage collection, there is a need to also set the following:

<?php
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
?>

This will work, but has some drawbacks:

来自 https://drupal.org/project/session_expire

 

I set the values to:

<?php
ini_set('session.cache_expire',     300);
ini_set('session.cookie_lifetime'0);
ini_set('session.gc_maxlifetime',   300);
?>

to have users automatically logout when they close their browser.



来自 https://drupal.org/node/16217


 

up vote1down votefavorite

What's the best module for a session timeout?

I simply want users to be automatically timed out after a period of inactivity.

The Automated Logout module looked like it could to the trick, but it seems like it does a lot more too. Also, I am using Drupal 7 and it's still in dev.

  
shareimprove this question
 
2 
Autologout now has a proper drupal 7 release and works as advertise. –  rooby Aug 8 '13 at 11:02
add comment
up vote2down vote

You have two options in the settings file that should allow you to configure the session timeout however you wish, session.gc_maxlifetime & session.cookie_lifetime.

/**
 * Set session lifetime (in seconds), i.e. the time from the user's last visit
 * to the active session may be deleted by the session garbage collector. When
 * a session is deleted, authenticated users are logged out, and the contents
 * of the user's $_SESSION variable is discarded.
 */
ini_set('session.gc_maxlifetime', 200000);



 /**
  * Set session cookie lifetime (in seconds), i.e. the time from the session is
  * created to the cookie expires, i.e. when the browser is expected to discard
  * the cookie. The value 0 means "until the browser is closed".
  */
ini_set('session.cookie_lifetime', 2000000);
shareimprove this answer
 
1 
Also it's worthwhile to try the session_expire module (drupal.org/project/session_expire) which sets expiration so that it will really work. –  Druvision Dec 27 '13 at 8:44