phpMyAdmin - cannot change session expiration time

Asked 13/11, 2014 at 7:44 Answered 15/12, 2014 at 14:54

I know this question has been asked many times on SO website. However, I have read this, this, this, this, this and this, and more. None of them worked. I have also tried to change the session files location and other things I don't remember now.

My setup:

one: the config.inc.php file:

<?php
$cfg['LoginCookieValidity'] = 3600 * 24; // http://docs.phpmyadmin.net/en/latest/config.html#cfg_LoginCookieValidity

this shows up in phpMyAdmin settings:

enter image description here

two: .htaccess file:

php_value session.gc_maxlifetime 86400

three: phpinfo.php file from phpMyAdmin root shows:

enter image description here

four: the server (uname -a):

Linux ubuntu-13 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Is there any other way I can increase the phpMyAdmin session timeout?

Segregationist answered 13/11, 2014 at 7:44 Comment(7)

try to restart your apache and mysql services – Copernicus 13/11, 2014 at 7:47

It has been started about 30-40 times. This problem is long as I remember (a few years). I could never change phpMyAdmin session time. But I just had enough of it. I even considered changing it. – Segregationist 13/11, 2014 at 7:49

You may have inadvertantly messed with something while you were originally trying to get it to work. It might be easier just to reinstall phpMyAdmin, your webserver, or possibly even your database. But that of course depends on your setup. Cookie sessions shouldn't expire as long as they're accessed/(changed?) frequently enough to evade expiry. That leaves a possible workaround if you don't want to go the former route. – Anaya 13/11, 2014 at 7:59

This server I'm using now has been setup for only a few months. The previous server had the "same thing" for sessions. And on this server I have changed back my changings, except the settings above. – Segregationist 13/11, 2014 at 8:7

apt-get update; apt-get upgrade; try this to upgrade all pakages in system. – Corie 9/12, 2014 at 8:57

@Gedzberg Alex: Upgrades always messed up something and this server is used by multiple developers. I cannot bring it down like that. – Segregationist 9/12, 2014 at 9:9

If you have implemented all the settings mentioned above, then most probably, the problem is on the client-side, because everything on the server and PHPMyAdmin look fine. Try using a different browser. Maybe the browser doesn't allow the cookies to be saved. Check if there's any other software (antivirus software etc.) which prevents you from saving the cookies on your PC. – Monocot 9/12, 2014 at 11:26

Ubuntu will by default disable the PHP session garbage collector (by setting the master value of session.gc_probability to 0), and in stead use a cronjob to delete session files after they reach a certain age. The age is determined by the master value of session.gc_maxlifetime.

This means that regardless of your local 86400 seconds value (which has no effect because of the disabled session garbage collection) the cronjob will delete sessions files after 1440 seconds.

So you have 2 options:

Disable the cronjob (probably /etc/cron.d/php5) and enable the PHP session garbage collector, by setting session.gc_probability to 1 (in all /etc/php5/*/php.ini files).
Set the correct master value for session.gc_maxlifetime. Yours is 1440 seconds. Alter it (in all /etc/php5/*/php.ini files) to the greatest local value any virtual host / php application on the server uses (so at least 86400 seconds).

Middlesworth answered 10/12, 2014 at 19:35 Comment(1)

As it is right now (I changed it as you suggested) it appears that the session doesn't expire. – Segregationist 16/12, 2014 at 13:39

PhpMyAdmin should be working fine with your configurations, you may have messed with something while you were originally trying to get it to work. since you can't reinstall phpmyadmin or do upgrades on the server. there are other solutions to this problem.

Hacking the core

I don't think that this is a good idea but if you really want to get rid of this you can disable the feature by modifying AuthenticationCookie.class.php in libraries/plugins/auth/

go this line

    if ($_SESSION['last_access_time'] < $last_access_time
    ) {
        PMA_Util::cacheUnset('is_create_db_priv', null);
        PMA_Util::cacheUnset('is_process_priv', null);
        PMA_Util::cacheUnset('is_reload_priv', null);
        PMA_Util::cacheUnset('db_to_create', null);
        PMA_Util::cacheUnset('dbs_where_create_table_allowed', null);
        $GLOBALS['no_activity'] = true;
        $this->authFails();
        if (! defined('TESTSUITE')) {
            exit;
        } else {
            return false;
        }
    }

and edit it to

    if (false
    ) {
        PMA_Util::cacheUnset('is_create_db_priv', null);
        PMA_Util::cacheUnset('is_process_priv', null);
        PMA_Util::cacheUnset('is_reload_priv', null);
        PMA_Util::cacheUnset('db_to_create', null);
        PMA_Util::cacheUnset('dbs_where_create_table_allowed', null);
        $GLOBALS['no_activity'] = true;
        $this->authFails();
        if (! defined('TESTSUITE')) {
            exit;
        } else {
            return false;
        }
    }

By doing this the feature will be disabled and there is not timeout anymore. You can always click on logout when you complete your work with phpmyadmin.

Or Use a browser add-on

Firefox Phpmyadmin Timeout Preveneter

Methaemoglobin answered 15/12, 2014 at 14:54 Comment(0)

Hacking the core

Recommended topics

Hot tags