I’m having a similar issue to internezzo-ag. I have the session timeout value set to well over an hour and my backend sessions are timing out in around fifteen minutes.
Has anyone else experienced this issue? How did you resolve it?
I wonder if this has something to do with a php.ini setting somewhere? I looked around and saw that recommendations for shared hosting of PHP apps say to not place sessions in a shared global folder such as /tmp since the server may clean those up regularly or other users may get access to your sessions. However, as far as I can tell Magento’s sessions are stored by default in <mageROOT>/var/session/ so this shouldn’t be an issue.
I think there are a few ways to solve this problem. The root of the problem is most likely the session.gc_maxlifetime setting in php.ini. The default value (in my php.ini) is 1440, aka 24 minutes. There are two solutions here.
1. Change the session.gc_maxlifetime setting to something longer. This will be a global change and will affect both the admin section as well as the frontend. It could potentially affect your other sites too if you host multiple sites on the same server. For me, this solution was sufficient.
2. Another, more complicated solution would be to override the Core/Model/Session/Abstract/Varien.php class. I have not looked into this solution, but I *think* it’s possible.
Magento is a phenomenal product, but I think they’ve done a bit of a poor job on the session implementation. The fact that things rely on php.ini rather than Magento configurations is surprising.
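An added example, not part of the thread or of Magento's code: a small Python audit of a php.ini text for the two settings discussed above, the 1440-second session.gc_maxlifetime default and a session.save_path in a shared directory such as /tmp. The sample php.ini, the SHARED_DIRS list and the function names are constructed for illustration.

```python
import re

# Constructed sample: php.ini fragment with the 1440 s default and a shared /tmp path.
SAMPLE_INI = """\
[Session]
session.save_handler = files
session.save_path = "/tmp"      ; shared by every site on the host
session.gc_maxlifetime = 1440   ; 24 minutes
"""

SHARED_DIRS = ("", "/tmp", "/var/tmp")  # assumption; "" means PHP's system temp dir

DIRECTIVE = re.compile(r'^\s*(session\.[\w.]+)\s*=\s*(?:"([^"]*)"|([^;]*))')


def parse_session_ini(text):
    """Return the session.* directives of a php.ini text as {name: value}."""
    settings = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)          # lines starting with ';' never match
        if m:
            quoted, bare = m.group(2), m.group(3)
            settings[m.group(1)] = quoted if quoted is not None else bare.strip()
    return settings


def audit(text, wanted_timeout_s):
    """List mismatches between php.ini and the timeout the application expects."""
    s = parse_session_ini(text)
    findings = []
    lifetime = int(s.get("session.gc_maxlifetime", "1440"))  # PHP default
    if lifetime < wanted_timeout_s:
        findings.append(f"gc_maxlifetime={lifetime}s ({lifetime // 60} min) is below the "
                        f"wanted {wanted_timeout_s}s: idle sessions may be collected early")
    if s.get("session.save_handler", "files") == "files":
        # save_path may be "N;MODE;/path"; the directory is the last field.
        path = s.get("session.save_path", "").split(";")[-1].rstrip("/")
        if path in SHARED_DIRS:
            findings.append(f"save_path={path or '(system temp)'} is a shared directory: "
                            "other sites' cleanup and users can reach these session files")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, wanted_timeout_s=3600):
        print("WARN:", finding)
```

An application that sets its own session directory, as the post above says Magento does with var/session, overrides the php.ini save_path, so for it only the lifetime finding applies.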
How is Magento set up to handle sessions, via filesystem or database?
We just had a client run into the same issue, and Magento was set up to let the database handle sessions (default is the filesystem). I was unable to log in. It would just keep sending me to the login page, but I could see the URL was trying to parse at least. Occasionally I would get into the backend after trying to log in 2-3 times in a row, but would still get “logged out” of the system.
To see what you have, or to change it, open up the following:
Look for this:
And change it to this:
If it’s already set to files, then there’s possibly another bug. After you’ve done this, make sure you delete the following directories:
And also delete all of the items in the core_session table.
You should be able to log in and stay logged in now.
This I have done and it worked. I even left open the admin backend overnight and could continue this morning! Usually I was thrown out within 20 minutes.