My organization is running Drupal 7.56 on Red Hat Enterprise 6.6, MySQL 5.5, and PHP 5.3.3. A bit outdated, I know.
Our issue is with the settings.php file on our sites, specifically for the session timeout.
Here’s the scenario:
We want our site editors to login to do their content edits and if they are idle for two hours or more, then the session should expire and they get logged off. We set this in settings.php –
However, if the site editor keeps working on and off throughout the day, then we want them to stay logged in as long as they are active. However, we eventually do want them logged off, so we expire their session cookie after 10 hours –
What seems to be happening is that the 2 hour expiration is not working at all. If someone logs in to a site and doesn’t do anything for over two hours, that person remains logged in. This is not what we want. We only want someone to stay logged in if they are active on the site, but inactivity should eventually lead to the logout. That isn’t happening.
I’ve even tried playing with the gc probabilities in settings.php, hoping that would help, but it does not. Here’s my latest settings for those variables –
If anyone has dealt with this before and can lend a helpful hand, I’d be truly appreciative.