Increase Login Session Time For Users/customers

Dear members,

I want to increase the session time for users/admins to infinite or until they log out themselves. I do not want the users to log out automatically after 2 hours.

I know there are some changes required in the config.php file; can someone please drop me a line of code that I have to put there?

Please drop me a full line of code that I can replace with 2 hours of session time, I need an infinite login session for customers and admin panel. I never want them to log out until they log out themselves.

My CS-Cart version is 4.7.2.

// Session live time
define('SESSION_ALIVE_TIME', SECONDS_IN_HOUR * 2); // 2 hours

In the config.php file, which is located in the root directory of the CS-Cart installation.

On this, do many of you bother to change this? Any good reason why non-logged in is what seems to me to be very low (2 hours)?

It's effectively an idle time and is used for security purposes. I.e. if you're away from your desk for more than 2 hrs, then the session becomes inactive until you re-login.

2hrs seems a reasonable amount of time to expect interaction with your site before effectively logging you out.

// Session live time
define('SESSION_ALIVE_TIME', SECONDS_IN_HOUR * 2); // 2 hours

For infinite, can I make it as following, for 1 year?


// Session live time
define('SESSION_ALIVE_TIME', SECONDS_IN_HOUR * 8760); // 8760 hours in 1 year

Yes, you can if you do not worry about security aspects

Thanks guys it worked great :-)

I did make it for one year on my server. However, this has slowed down my website dramatically. The database is getting larger day by day.

Is there anything else I can do to extend authenticated users' logged-in state while not affecting the server?

Did you examine which tables have the biggest size?

I found out that cscart_sessions table has huge data (almost 90% of the total database data).

Looks like 1 year is too much for CS-Cart. Try to use a lower value. CS-Cart will delete outdated sessions.

Thank you eComLabs for your reply.

I have a question, please. What I want to achieve is to extend the logged-in status of the authenticated users.

I understand that we have two tables:

cscart_sessions which stores sessions for unauthenticated users.

cscart_stored_sessions for storing sessions for logged-in users.

I kept session_alive_time parameter in config.php as is (2 hours) because it affects users who are not logged-in.

I set sessions_storage_alive_time in config.php to 1-year as it stores data for logged-in users.

However, this doesn't work. Still logged-in users are getting logged-out after two hours!

Is my understanding correct?

Thank you again.

SESSIONS_STORAGE_ALIVE_TIME only affects data (like products in cart) and how long they are retained. It will NOT affect how long a user can be idle during their login.

I'd suggest you be more pragmatic in how long you allow a user's session to remain active while idle. There are several security concerns as well as general usage patterns. Right now it's 2 hrs. You might consider upping it to 24. But not sure I'd go beyond this given the amount of session data that is stored per logged in user. Setting it to 1 year effectively says "never see data as stale" which is unrealistic.

Otherwise, beef up your database server to a SAN and implement a caching server to cache recently accessed data. I.e. put your DB on a separate server designed for dealing with large database tables and caching.

Hi,

The latest CS-Cart changed the session time configuration from config.php to tygh/session.php, but

    protected static $ttl = (AREA === 'C') ? SESSIONS_STORAGE_ALIVE_TIME : SESSION_ALIVE_TIME; // Edited By Beta

has no effect, and "AREA" does not work!

How do I increase the session alive time in the customers area?

It's still defined in /config.php

// Session live time
define('SESSION_ALIVE_TIME', SECONDS_IN_HOUR * 2); // 2 hours

I have changed SESSIONS_STORAGE_ALIVE_TIME to 2 weeks, and it has been working fine for the last 1 year. Database size has increased, but my server can handle it.

Now the problem which I am facing is that "SESSIONS_STORAGE_ALIVE_TIME" has also increased the login session timing of admins, which is a problem. Can anyone guide me to make changes to the code, so that "SESSIONS_STORAGE_ALIVE_TIME" for frontend users can be 2 weeks and for backend admins can be 2 hours only?

Please suggest.

Naman
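
As an added example (not from the thread and not CS-Cart's own code), this stand-alone PHP sketch shows a per-area idle timeout of the kind asked about in the last post, and why a long TTL grows the sessions table: garbage collection can only delete rows that have already expired. The class, function and TTL constant names are hypothetical, the 'A' area value and session ids are constructed sample data, and the table is an in-memory stand-in for a database table.

```php
<?php
// Added illustration, not CS-Cart code. Names below are hypothetical.
const SECONDS_IN_HOUR   = 3600;
const ADMIN_IDLE_TTL    = SECONDS_IN_HOUR * 2;  // 2 hours, the default discussed in the thread
const CUSTOMER_IDLE_TTL = SECONDS_IN_HOUR * 24; // 24 hours, the upper bound suggested in the thread

// Pick the idle timeout from the area: 'C' is the customer area,
// anything else is treated as the admin panel and gets the short timeout.
function idle_ttl_for_area(string $area): int
{
    return $area === 'C' ? CUSTOMER_IDLE_TTL : ADMIN_IDLE_TTL;
}

// In-memory stand-in for a sessions table: session id => ['area', 'expiry'].
final class SessionTable
{
    private array $rows = [];

    // Create or refresh a row; every request slides the expiry forward by the area's TTL.
    public function touch(string $id, string $area, int $now): void
    {
        $this->rows[$id] = ['area' => $area, 'expiry' => $now + idle_ttl_for_area($area)];
    }

    // A session is valid only while its expiry lies in the future.
    public function isValid(string $id, int $now): bool
    {
        return isset($this->rows[$id]) && $this->rows[$id]['expiry'] > $now;
    }

    // Garbage collection: only expired rows can be deleted, so a one-year TTL
    // keeps every abandoned session in the table for a year.
    public function purgeExpired(int $now): int
    {
        $before = count($this->rows);
        $this->rows = array_filter($this->rows, fn(array $r): bool => $r['expiry'] > $now);
        return $before - count($this->rows);
    }

    public function count(): int { return count($this->rows); }
}

// Constructed sample: one admin and one customer session, both idle for 3 hours.
$t0 = 1700000000;
$table = new SessionTable();
$table->touch('admin-1', 'A', $t0);
$table->touch('cust-1', 'C', $t0);
$now = $t0 + 3 * SECONDS_IN_HOUR;
var_dump($table->isValid('admin-1', $now));
var_dump($table->isValid('cust-1', $now));
echo $table->purgeExpired($now), " row(s) purged, ", $table->count(), " left\n";
```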