Security Provider Cookie Options

Hi. Continuing the discussion from Login - Create a Working User Login Page:

I followed this and have setup secure login & logout. It seems to be working ok. But I could not find anything regarding the Cookie Options for Security Provider.


Can someone please explain or point to a doc explaining these options? Also, the user doesn’t seem to be logging out automatically after, say 30 mins. Is that something that can be set with the Expire option?

Expire expects a day value, 30 means 30 days.
Domain and path are pretty much self explanatory - the domain to set the cookie for and the path. Usually you do not need to change these…

Any way to set the expiry time in minutes? Or should I use some other way to auto-logout user?

If you have a specific need to log the user out after 30 minutes then just do not set the cookie, in other words do not the user an option of a Remember Me checkbox that sets a cookie. I can not swear to it, but when I have forgotten to do this step it seems users are logged out after about 30 minutes anyway.

If the cookie is not set, the user stays logged in for the current session i.e. until the browser is closed.

Thats strange as I have had it many times where the page has remained opened and when I go back it and try do something, suddenly it takes me back to the login screen, I have to admit this has happened not really when I have forgotten to add a Remember Me checkbox but rather when I have forgotten to set the static value of the remember me checkbox to 1.

If that is not going to be a reliable solution could he not maybe just use the action scheduler?

Paul, When based on a session cookie like that then logout will occur when the session expires i.e. after a specified time of inactivity… The session expiry time is set by the server but is normally around 20 - 30 minutes.
This can be configured in the php.ini file with the session cookie lifetime settings

1 Like

I see, so do you think that the original poster could in essence ensure that his users are logged out after 30 minutes even though the default options in Wappler only account for days if he does not set the cookie and adjusts his server settings? Just out of interest.

Yes, don’t set the cookie and the session will timeout in accordance with the current server timeout setting, typically 20 or 30 minutes for most providers.

1 Like

So pretty much what I said in the first place even though I had no clue as to why, I just got lucky without knowing very much, haha. Thanks for confirming though.

For those who don’t know, your php settings can be found by running this simple script

<meta charset="UTF-8">
<title>PHP INFO</title>
echo phpinfo();

My php session settings section

Session timeout (session.gc_maxlifetime) is set to 1440 seconds (24 minutes)

1 Like

That’s quite seful info @Hyperbytes, especially for new users :slight_smile:
@psweb maybe worth adding this to your useful tips topic :wink:


Thanks for all the input @Hyperbytes & @psweb.
I do not have a “remember me” option. The cookie options are set automatically. I haven’t added any other cookies manually.
As for PHP session timeout, I too have the default value of 1440 seconds. But, I think the default cookie is being used instead of session because I remain logged in for days - even after closing the browser/tab and restarting the PHP server & system.

So, in my case as @Teodor says, default cookie has 30 days timeout and that is in play. How to change that?

The cookie gets created ONLY when the user clicks the “remember me” check box.
Otherwise the login is kept just for the session.

Oh. In that case I should get logged out after 24 minutes.

I have tried accessing secure page after manual log out and it redirects me to login page.
But it does not work when I try to access the page after 24 minutes of inactivity. I’m still logged in if I refresh the page or open it in new tab.

I need to see a link to your page to test that.

Will try to set it up today and share. Working on some other things and project is currently on local system.

@Teodor - I uploaded the project on my server, and tested session time out. It works as required. Might be some issue with session on my local system.

1 Like