I want to increase my session timeout to around 24 hours and for this I searched net but nothing helped me out. presently my website make the session of around 40 mins after this is expires i want to make this to 24 hours. In my core.php I added these lines
Configure::write('Session.timeout', '864'); // Session will last 24h
Configure::write('Session.autoRegenerate',true);
Configure::write('Security.level', 'medium');
any idea or sugesstion.
The naming of the CakeSession config parameters is confusing and setting them is not always consistent (see below for example).
1) Configure::write('Session.timeout', 'XXX'); is the number of minutes session will last. So if you want it to last 24 hours, set it to 24*60.
2) Configure::write('Session.autoRegenerate',true); is not linked to 'Session.timeout' -- even though the Cake docs implies it is. autoRegenerate is dependent on the CakeSession::$requestCountdown value. $requestCountdown is the number of pageviews before the session ID is regenerated. It is NOT time-based.
So here comes the inconsistency: how do we set the CakeSession::$requestCountdown value? Not the same way we do the other params. You have to set it in bootstrap via:
App::uses('CakeSession', 'Model/Datasource');
CakeSession::$requestCountdown = 25;
This value can NOT be set via Configure like the other params (as of v2.4). See the ticket I opened on this that confirms that the above is the intended usage: https://github.com/cakephp/cakephp/issues/2078
3) Configure::write('Security.level', '?????'); has been removed since Cake 2.0.
ref: http://book.cakephp.org/2.0/en/development/sessions.html
