The Most Popular Extension Builder for Magento 2

With a big catalog of 224+ extensions for your online store

Modify Admin Session Lifetime in Magento 2: A Detailed Guide

Set Admin Session Lifetime Magento 2 - Created and developed specially for Magento 2, the Admin functions as a security measure for your online store. The password-protected back office facilitates the administrative work by allowing you to manage orders, catalog, content, and configurations effectively. The Admin times out after 900 seconds, or fifteen minutes of keyboard inactivity by default. If you’re using this Security extension, a warning email will be sent.

However, you can always make adjustments to the lifetime of the session to fit your work style.

You can set Admin Session Lifetime in Magento 2 by following these following steps:

To set Admin Session Lifetime in Magento 2

Step 1: Open the Magento Security session

  • On the Admin sidebar, click Stores > Settings: Configuration.
  • In the panel on the left, select Advanced > Admin.
  • Quickly look for the Security section, which is right below Admin Base URL.

Step 2: Enter the Admin session lifetime which is measured in seconds

Expand the Security section. Then do the following:

Admin Session Lifetime

  • Next to Admin Session Lifetime (seconds) field, erase the tick in the box before Use system value to remove the default session lifetime.

  • Then enter your preferred number of seconds during which a session remains active before timing out.

For Magento 2.1+ Issue Starting from Magento version 2.1, the admin session stays active until you close your web browser. This change was likely made for security reasons. The relevant code is in Magento\Backend\Model\Session\AdminConfig.

/**
 * Set session cookie lifetime to session duration
 *
 * @return $this
 */
protected function configureCookieLifetime()
{
    return $this->setCookieLifetime(0);
}

To change this behavior, you can use a plugin for this class. Insert the following interceptor method:

public function beforeSetCookieLifetime()
{
    $lifetime = $this->scopeConfig->getValue(
        \Magento\Framework\Session\Config::XML_PATH_COOKIE_LIFETIME,
        \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT);
    return [$lifetime, \Magento\Framework\Session\Config::COOKIE_LIFETIME_DEFAULT];
}

Where $this->scopeConfig is an instance of \Magento\Framework\App\Config\ScopeConfigInterface, injected through constructor parameter.

With this modification, the cookie lifetime will be determined by your configuration settings, similar to the frontend.

It’s essential to note that the configuration in Stores > Configuration > Advanced > Admin Security > Session Lifetime no longer affects cookies. Instead, it influences the Redis session lifetime. If you increase the cookie lifetime, be sure to adjust this value as well.

Step 3: Save the change

Once you have finished setting the ideal length of session lifetime, tap Save Config. Done!

Related Post

Image Description
With over a decade of experience crafting innovative tech solutions for ecommerce businesses built on Magento, Jacker is the mastermind behind our secure and well-functioned extensions. With his expertise in building user-friendly interfaces and robust back-end systems, Mageplaza was able to deliver exceptional Magento solutions and services for over 122K+ customers around the world.

Looking for Magento Development Company?

8+ years of experiences in e-commerce & Magento has prepared us for any challenges, so that we can lead you to your success.

Get free consultant
development service
x

    Explore Our Products:

    People also searched for

    Subscribe

    Stay in the know

    Get special offers on the latest news from Mageplaza.

    Earn $10 in reward now!

    Earn $10 in reward now!

    comment
    iphone
    go up