By default, for security purposes, Magento 2 admin session timeout is set to 900 sec. That means if there’s no activity in the admin dashboard in 900 seconds, your admin account will be forced to log out.
For some users, this is quite annoying as we need to spend a lot of time working in backend and we don’t want to re-login every time we go to the dashboard.
In this tutorial, I will guide you how to adjust admin backend session timeout in Magento 2 (Admin Session Lifetime)
Step 1: Change session.gc_maxlifetime value defined in php.ini file
Since many users report to me that the Admin session lifetime in the backend does not change session time out, so I would like to recommend changing
session.gc_maxlifetime value in php.ini first.
Magento 2 use
gc_maxlifetime value to define session time out. We will change this value in php.ini before adjusting admin session timeout in backend
Connect to your server using a file manager application like filezilla, winscp and edit php.ini and look for the value
Change this number to the session time you want. (by default the value is 1440 seconds)
Save change to this file and remember to restart apache/nginx to apply changes
service apache2 restart
Quick tip: to find php.ini on your server, use the command below:
For Windows OS:
php -i|find/i"configuration file"
For Linux OS:
php -i | grep 'Configuration File'
You can also add this line to .htaccess file in Magento 2 folder to change
php_value session.gc_maxlifetime 28800
In admin dashboard, go to Store > Configuration
In the left menu, select Advanced > Admin
In this section, we can adjust many things related to admin like admin user name, email, base url…
Now scroll down to Security and find the line Admin session lifetime. The value in this field defines how long a session remains active.
Use system value and enter the value that fits your work style.
For example, if you want to stay logged in for 1 year, enter the value: 31536000
After you finish, click on Save Config button to apply change.
Alternative 2: Manually change admin session timeout
You can also change admin session time out by editing /vendor/magento/module-encryption-key/etc/
Edit this file with a text editor and look for the line
<security> <session_lifetime>900</session_lifetime> </security>
Now change the value in
<session_lifetime>900</session_lifetime> to the value you want and save changes to this file
Finally, deploy static files with this command
php bin/magento setup:static-content:deploy -f
Alternative 3: Change admin session lifetime using phpmyadmin
You can also update Admin Session Lifetime value directly in database using PHPmyadmin (This method is not recommend for newbie)
Open phpmyadmin and login to your Magento 2 website’s database.
core_config_data , look for the path: admin/security/session_lifetime.
The value of this path define Admin Session Lifetime, edit this value to the number you want, and update the table to apply change
You can also use this SQL syntax to update this value
INSERT INTO core_config_data(path, value) VALUES('admin/security/session_lifetime', 86400);
Remember to change
session.gc_maxlifetime value in php.ini before changing admin session lifetime in backend first. The value you set in Magento backend is based on the value in php.ini.
Drop a comment below if you have any problem when changing admin life time in Magento 2 and include a screenshot describing your error if possible. I will be happy to help!