In my Symfony 3.4 application, the user is automatically logged out after a certain period of time. I want to change this behaviour and make my application never log out automatically. It should log out the session only when the user clicks on the logout link.

I have read the documentation and tried by setting the cookie_lifetime but it is not working for me. If anybody worked on this area please suggest how to proceed.

Updates:

I'm using this documentation page http://symfony.com/doc/master/components/http_foundation/session_configuration.html#session-lifetime

I'm using Symfony 3.4 flex based project.

I'm setting the configurations in config/packages/framework.yml. The configurations are as follows:

framework:
    session:
        handler_id: ~
        cookie_lifetime: 31536000
        gc_maxlifetime: 31536000

After a long debugging, I found out that the following configuration is telling Symfony to use the default PHP save handler and the default session file path.

framework:
    session:
        handler_id: ~

Hence Symfony session files are being stored in /var/lib/php/sessions directory. In Debian based operating systems, a cron job is deleting the session files every half an hour. This cron job is identifying the active sessions based on the PIDs associated with apache2 and updating the last accessed time and last modification time of these active session files only.

Then the same cron job is deleting the session files which are having the last modification time before the gc_maxlifetime i.e; inactive sessions. The main problem is that gc_maxlifetime is determined based on the php.ini files only but not considering the Symfony's .yaml files. Hence the configurations in Symfony's .yaml files are ignored and the PHP's gc_maxlifetime is used.

This makes the session files being deleted after 20 minutes to 30 minutes. To fix this problem, I have updated the .yaml configurations as follows:

framework:
    session:
        handler_id: session.handler.native_file
        save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
        cookie_lifetime: 31536000
        gc_maxlifetime: 31536000

Now the session files are not stored inside the default /var/lib/php/sessions directory and hence the cron job is not deleting the session files. Now Symfony is taking care of this session handling job and it works perfectly now.

This is the solution for symfony 4.

session:
        #handler_id: ~
        handler_id: session.handler.native_file
        save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'        
        cookie_lifetime: 1800 // was "lifetime" but deprecated

Just in case there's RedisSessionHandler configured for session storage, one should also consider increasing the ttl parameter passed into the service:

# config/services.yaml
services:
    # ...
    Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler:
        arguments:
            - '@Redis'
            # you can optionally pass an array of options. The only options are 'prefix' and 'ttl',
            # which define the prefix to use for the keys to avoid collision on the Redis server
            # and the expiration time for any given entry (in seconds), defaults are 'sf_s' and null:
            - { 'prefix': 'my_prefix', 'ttl': 600 } # also set equal 31536000