This is really bugging me. Has been for years. No matter what I do with core.php or php.ini, my logins timeout after about an hour – usually. Some deployments of identical code and configuration timeout after a respectable amount of time.
This is what I have at the moment on one site – timed out after about an hour:
session.gc_divisor 1000
session.gc_maxlifetime 86400
session.gc_probability 1
Configure::write('Session.timeout', '28800');
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'medium');
And another – lasted all night:
session.gc_divisor 100
session.gc_maxlifetime 14400
session.gc_probability 0
Configure::write('Session.timeout', '315360000');
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'medium');
Now, before you get excited and say, “Well, the answer is there in the Session.timeout value”, let me tell you that this site usually times out after about twenty minutes!
Somewhere I read that on shared hosting, other applications can reset the session by clearing the php-defined session directory. This was alluded to by Rowlf in his answer.
CakePHP offers the option to configure the way sessions are handled. In
core.phpI changed this to'cake'(by default it is'php'):I also ensured that the session timeout and the corresponding php.ini values are the same:
So far, the system hasn’t logged out.