Security Enforcer Timeout Question

Apparently it can be extended in the .htaccess file with one line of code.

php_value session.gc_maxlifetime 3600

I’d still like to know what triggers the time reset though.

Maybe @patrick can advise and implement this as additional server connect global setting.

As sessions are basically just cookies stored on the server it may be possible to manipulate its lifespan with something like this

<?php session_start([ 'cookie_lifetime' => 3600, ]); ?>

That would be a great global setting to be able to change. That one line in the.htaccess file seems to work.

I set it for two hours to test it and came back almost two hours later and was still logged in.

PHP configurations can be different per provider, it is also possible that a hoster wont let you edit any PHP setting. It can also block changing properties from PHP code and htaccess. This makes it very difficult to make some global setting in Wappler that would work on any host.

Read here about how to change session timeout

Thanks for looking into it. It would have been a great feature of it was possible. At least I was able to find a solution for my server.

Why not thinking more simple and use the remember flag, it uses cookies instead of the session to keep the user logged in. Then you have more control over the timeout.

1 Like

Thanks Patrick, I have never been able to get the remember me feature to do anything even going back to the Dreamweaver extension days.

A tutorial on seeing it up or at least an explanation on what it is suppose to do would be helpful.

Hello Brad,
All the remember me does is to set a cookie which keeps you logged it :slight_smile: you can set the cookie lifetime in the settings.
Usually you bind this to a checkbox with a value of 1, so when checked in, it keeps you logged.

1 Like

So it will override the PHP session time then? If so, I will give it another try.

No, it uses a cookie, which doesn’t depend on the session. It’s a different thing :slight_smile:

1 Like

This is where I am confused then. If the PHP session expires before the cookie, what happens?

Sorry for the dumb questions, just never been able to see a difference when using the remember feature. Plus it is still early morning and have only had half a cup of coffee. :wink:

Well, there are quite a lot of articles explaining the difference, for example:

I know what the difference between a cookie and a session is. My problem is that f the security provider uses the PHP session how does using a cookie instead effect it?

So if I use the remember feature, it does not use the PHP session it uses the cookie instead? Just trying to figure out the mechanics of this.

Exactly. So you will be logged in, as long as your cookie lifetime is :slight_smile: which could be 30 days
This can be set in the properties panel for the security provider step.

1 Like

Thanks, that sounds exactly like what I need. I will give it another try today. Does that have to be a checkbox or can I use a hidden field with a static value of 1?

I believe you can even set the value 1 directly in the server connect UI for the remember me option :slight_smile:

1 Like

Thanks @patrick. This seems to work better than I would have imagined. Glad to finally know exactly how this feature is suppose to work. This will really make our staff happy!

1 Like

Default the security provider uses sessions to keep the user logged in, the remember me sets a client cookie that holds the login information and will log the user in again when the session is expired. You can set the expire date for the cookie, so that users are remembered for hours, days or years. You often see it as an option for the user within the login form, but you can also set it yourself in the server action.


Thanks for the explanation, Patrick. I think I have it all sorted out now. Love Wappler and the support team!