Magento 2 tutorials

How change admin backend session timeout (lifetime) in Magento 2

Pinterest LinkedIn Tumblr

By default, for security purposes, Magento 2 admin session timeout is set to 900 sec. That means if there’s no activity in the admin dashboard in 900 seconds, your admin account will be forced to log out.

For some users, this is quite annoying as we need to spend a lot of time working in backend and we don’t want to re-login every time we go to the dashboard.

In this tutorial, I will guide you how to adjust admin backend session timeout in Magento 2 (Admin Session Lifetime)

Step 1: Change session.gc_maxlifetime value defined in php.ini file

Since many users report to me that the Admin session lifetime in the backend does not change session time out, so I would like to recommend changing session.gc_maxlifetime value in php.ini first.

Magento 2 use gc_maxlifetime value to define session time out. We will change this value in php.ini before adjusting admin session timeout in backend

Connect to your server using a file manager application like filezilla, winscp and edit  php.ini and look for the value session.gc_maxlifetime

session.gc_maxlifetime

Change this number to the session time you want. (by default the value is 1440 seconds)

Save change to this file and remember to restart apache/nginx to apply changes

service apache2 restart

Quick tip: to find php.ini on your server, use the command below:

For Windows OS:

php -i|find/i"configuration file"

path to php ini windows

For Linux OS:

php -i | grep 'Configuration File'

path to php ini linux

You can also add this line to .htaccess file in Magento 2 folder to change session.gc_maxlifetime

php_value session.gc_maxlifetime 28800

Step 2

In admin dashboard, go to Store > Configuration

store configuration

Step 3

In the left menu, select Advanced > Admin

advanced admin

In this section, we can adjust many things related to admin like admin user name, email, base url…

Now scroll down to Security and find the line Admin session lifetime. The value in this field defines how long a session remains active.

Unselect Use system value and enter the value that fits your work style.

For example, if you want to stay logged in for 1 year, enter the value: 31536000admin session lifetime

Step 4

After you finish, click on Save Config button to apply change.

save config

 

Alternative 2: Manually change admin session timeout

You can also change admin session time out by editing /vendor/magento/module-encryption-key/etc/

Edit this file with a text editor and look for the line

<security>
    <session_lifetime>900</session_lifetime>
</security>

manually change admin session timeout

Now change the value in <session_lifetime>900</session_lifetime> to the value you want and save changes to this file

Finally, deploy static files with this command

php bin/magento setup:static-content:deploy -f

Alternative 3: Change admin session lifetime using phpmyadmin

You can also update Admin Session Lifetime value directly in database using PHPmyadmin (This method is not recommend for newbie)

Open phpmyadmin and login to your Magento 2 website’s database.

In table core_config_data , look for the path: admin/security/session_lifetime.

change admin session timeout in phpmyadmin

The value of this path define Admin Session Lifetime, edit this value to the number you want, and update the table to apply change

You can also use this SQL syntax to update this value

INSERT INTO core_config_data(path, value) VALUES('admin/security/session_lifetime', 86400);

Wrapping up

Remember to change session.gc_maxlifetime value in php.ini before changing admin session lifetime in backend first. The value you set in Magento backend is based on the value in php.ini.

Drop a comment below if you have any problem when changing admin life time in Magento 2 and include a screenshot describing your error if possible. I will be happy to help!

Hung Tran is the main editor of magentip.com, he loves to write about everything related to Magento 2

Write A Comment