A session is a way to store information (in variables) to be used across multiple HTTP Requests, to simulate a “state” across pages navigation.

Laravel ships with a variety of session backends managers that are accessed through an expressive, unified API. Support for popular backends such as Memcached, Redis, and databases is included.

As far as session timeout is concerned, you can increase the session lifetime in Laravel by making some adjustments in the session.php file.

You can easily increase session lifetime in Laravel 5, Laravel 6, Laravel 7, Laravel 8 and Laravel 9 version.

How long last a session in Laravel

By default it is set to 120 minutes (2 hours). If you comment or delete the Laravel session setting, your session may work properly using the session configured in php config values.

What is reasonable session timeout

A session should not last longer than 30 minutes. You can read this post to understand better why: How to change PHP session timeout.

Setting Laravel Session Lifetime

Your application’s session configuration file is stored at config/session.php. Be sure to review the options available in this file.

By default, Laravel is configured to use the file session driver, which will work well for many applications. If your application will be load balanced across multiple web servers, you should choose a centralized store that all servers can access, such as Redis or a relational database.

The session driver configuration option defines where session data will be stored for each request. Laravel ships with several great drivers out of the box:

  • file - sessions are stored in storage/framework/sessions.
  • cookie - sessions are stored in secure, encrypted cookies.
  • database - sessions are stored in a relational database.
  • memcached / redis - sessions are stored in one of these fast, cache based stores.
  • dynamodb - sessions are stored in AWS DynamoDB.
  • array - sessions are stored in a PHP array and will not be persisted.

The lifetime session setting gonna be done the same way despite of the session driver configured.

If you want to increase or decrease your session life time then you can easily do it from configuration file in Laravel. In the config/session.php file there is a lifetime key option for setting time in minutes. In session configuration file there is a also several option for set driver, timeout, expire_on_close and encrypt etc.

The session lifetime configuration can be done also using the .env file:

SESSION_LIFETIME = 30

What about to set a forever lifetime for sessions? Well, basically, you can not set lifetime session for forever but you can set in minutes for session expiration time.

So if you want to set it to 1 year time for session expire you can calculate how many minutes represent 1 year, then set in .env this value, or configure it direct in config/session.php file with a formula:

60 * 24 * 365 = 525600 // 1 year

In .env file:

SESSION_LIFETIME = 525600

In config/session.php file:

<?php
  
use Illuminate\Support\Str;
  
return [
  
    .....
  
    'lifetime' => 1 * (60 * 24 * 365),
  
    .....
  
]

Conclusion

The right session lifetime for Laravel applications gives to developers more control on how much sessions should last and improve the application security.

References