I was recently trying to figure out exactly how long my users' sessions were lasting on an existing Drupal site that I had built. Generally it seemed like users were remaining logged in for an extremely lengthy period of time. I did some research and finally discovered that this setting is actually configured in the default settings.php file that ships with Drupal. There's a line in the settings file that initially reads:
ini_set('session.cookie_lifetime', 2000000);
Basically this means that, by default, when a user is logged into the site, they will receive a cookie from the server that won't expire until two million seconds have passed (that's just over 23 days). I'm not sure quite why the default setting is for 23 days. Maybe for development sites this would be a good idea so that your developers don't have to log in all the time, but for most of my production sites, I actually prefer that the user only be logged in for a maximum of about 10 hours at a time. To change the setting to a more reasonable ten hours, you would use:
ini_set('session.cookie_lifetime', 36000);
Also, if you want the user to be logged out as soon as the browser is closed, you can change the setting to:
ini_set('session.cookie_lifetime', 0);
Commenting on this Blog entry is closed.
Jill and Mark at FleetThought are life savers! As a small, rural
library director where I *am* the IT staff, I was at a loss as to how to
customize my library's website template. Jill and Mark made my small
site feel like such a priority, and I got first class service! They
listened to my needs and made many changes I requested to make my site
beautiful and to make me a happy customer. I am so grateful for their
expertise and I cannot recommend them enough!
Drupal
FleetThought uses the Drupal content management system to build full-featured, robust, scalable websites and is an individual member of the Drupal Association.
Clarksville and Nashville, TN
Based out of the Clarksville and Nashville, TN area, we love our community and enjoy building websites that help support the success of local businesses.
Comments
Good tip. It sounds like
Good tip. It sounds like there are a lot of potential modules that can be installed that accomplish the same task. I usually like to avoid installing tons of modules if possible, just because having too many can cause a performance hit on your site. In this case, I like making the simple change in settings.php because it's one less module I have to maintain and run on a site.
Remember Me Module
Hi, you can use remember_me module (http://drupal.org/project/remember_me).
M.
Interesting Approach
That's an interesting approach too. People might want to check that out if they're looking for a module that takes care of this for them.
Session expire module
You can also try the session expire module.