Skip to content

Kirby 5.1.2

session

Configuration settings for Kirby sessions

You can define the following configuration options in your /site/config/config.php:

<?php

return [
    'session' => [
        'durationNormal' => 7200,            // default: 2 hours
        'durationLong'   => 1209600,         // default: 2 weeks
        'timeout'        => 1800,            // default: half an hour
        'cookieDomain'   => 'getkirby.com',  // default: automatic browser behavior
        'cookieName'     => 'kirby_session',
        'gcInterval'     => 100              // default: cleanup every ~100 requests
    ]
];

durationNormal

Maximum duration of a normal session in seconds; if that time is over and the session has not been renewed, the session becomes invalid and is deleted from the server.

Renewing happens automatically in the background. You can read more about this in the guide.

durationLong

If you tick the "keep me logged in" checkbox in the Panel, you get a "long" session, which has a longer duration and no activity timeout, so you can close the browser window and come back at any time within the configured duration.

timeout

The duration options above define the absolute session expiry. Like in Kirby 2, there is also an additional activity timeout: If the session wasn't seen for this time, the session also becomes invalid.

If you leave a Panel window open, the session never expires, even without clicking on anything.

cookieName

The name of the session cookie

Since 5.1.0

cookieDomain

The topmost-level domain on which the session cookie should be sent.

You can read more about the behavior of the domain attribute for cookies in the MDN docs.

Note that setting the cookieDomain option disables Kirby setting the path attribute to the cookie (relevant in subfolder setups).

gcInterval

Expired sessions are automatically cleaned up from the /site/sessions directory. To increase performance, this only happens every few requests.

You can also disable this process completely by setting the option to false and then manually calling the garbage collector from a Cronjob.