Adjusting Your Joomla! 3.x Session Time for your Users

Session Lifetime

By default, Joomla has a 15 minute session time for logged in users, meaning if a user goes inactive for more than 15 minutes, they are automatically logged out and need to enter their credentials again. But, sometimes you need longer session times, for instance, when you are developing a site and don’t want to be logging in over and over. Or, maybe you have some very long forms for logged in users to complete and you don’t want their session expiring before they can hit the submit button.

So, let’s take a look at changing the session time in the backend of Joomla.

  1. Login to the backend of Joomla with a super administrator account.
  2. Click to open the System menu item.
  3. Select Global Configuration from the dropdown.Select Global Configuration from Dropdown
  4. Once the Global Configuration is open, click on the System tab.Select the System tab
  5. Scroll down the page until you see the Session Settings section.Change the session time value

    There will be three fields:

    • Session Handler – the way the sessions are handled by Joomla
    • Session Lifetime – how long a user stays logged in while being inactive
    • Shared Sessions – the ability to make the login work for both frontend and backend simultaneously
  6. To make the session time longer, simply change the value in the Session Lifetime field to the desired length in minutes. For example, maybe you want to make the session an hour and half, then you would enter “90” for the value.
  7. After you have changed the value, then click Save and Close on the Global Configuration.

That’s it! You’ve now changed the session time for your users.

Please note, that this session time is the same for both frontend and backend users.


Session Handler

In case you are wanting to dig a little deeper in the session settings, here’s a little more information about the Session Handler dropdown.
joomla session 04

The Session Handler dropdown gives you three options:

  • Database – saves the browser cookie in a table in the Joomla database
  • PHP – stores the browser cookie in a php file on the server
  • Memcached (Experimental) – uses an open source memory object caching system

DATABASE
By default, Joomla is set to Database to track the user that is logged in for non-activity. If you aren’t able to get to your php settings or server files, we recommend you stick to the default setting here.

PHP
If your database is on another server or has a slow connection, changing to a PHP handling method might be a better choice for you. PHP handling writes to a file directly on the web server and has more advanced session handling.

You need to make sure your host PHP settings will allow this before trying it, or you may find yourself locked out of your site. If you do get locked out when you switch to PHP handling, you will need FTP access in order to modify the configuration.php file. You will need to look for the line that says public session _ handler = “none” and change it back to public session _ handler = “Database” again. Now you should be able to log in again and you will see the Session Handler dropdown is back to Database.

MEMCACHED
The last option of Memcached is marked “Experimental” still, so we recommend you do not use this method on live sites at this point in time.


Shared Sessions

Shared Sessions is set to No by default, meaning you will need to login to the backend and the frontend and those are handled separately. If you want the same session to work on the frontend and backend, you will first need to hop over to the Server tab in the Global Configuration and make sure that your Force HTTPS is set to either None or Entire Site, but not Administrator Only. If you need to have the Administrator Only setting for this field, then you will need to leave Shared Sessions set to No.

Shared Sessions toggle

If your Force HTTPS is set to None or Entire Site (which is the preferred setting in most scenarios), then you can go back over to the System tab, scroll down to the Session Settings, and change Shared Sessions to Yes.

Check your Force HTTPS settings

After you make those changes, don’t forget to click Save or Save & Close in the Global Configuration. Now you’ve changed your session handling to work for frontend and backend.

We hope this tutorial helps you with your Joomla Session! And, for full Joomla installs and setups, see our extensive video course library for Joomla.

Author

  • Robbie Adair

    Robbie started her career in corporate training until starting her own custom training and media company almost seventeen years ago. In 2010, she began doing classroom training for OSTraining while running Media A-Team. She is often presenting about various tech topics such as Joomla, Fabrik, Web Development, Social Media, and Augmented Reality. She loves seeing that "ah-ha" moment in peoples eyes in her sessions and workshops. She lives in Houston, Texas, but enjoys all the travel for client work and speaking gigs.

0 0 votes
Article Rating
Subscribe
Notify of
14 Comments
Oldest
Newest
Inline Feedbacks
View all comments
hjames
3 years ago

Have you had any experience where one user is able to login as another user on the frontend? I am encountering this issue now and am thinking it may be related to the Session Handler.

Sami
Sami
3 years ago

Thank you very clear documentation

Josean Telleria
Josean Telleria
3 years ago

Hi Robbie,

I have a client that he want to put 1 year session lifetime, but I can´t do it because the max minutes limit are 9999. Do you know another away to do that?

thanks

Josean Telleria
Josean Telleria
3 years ago
Reply to  robbieadair

The client believes that people forget their passwords and do not access the news. The case is clear. Google Analytics detects that on the days of private newsletters, there is an increase in access to the login page, but visits die on that page. If there was a longer session people would access and increase the flow.

Sorry I didn’t reply sooner, I thought I’d get an email alert.

THANK YOU

Josean Telleria
Josean Telleria
3 years ago
Reply to  robbieadair

Thanks Robbie,

I´ll try to do your recommendations.

Thank you very much.

Rakso
Rakso
3 years ago

Cordial saludo;

como se puede controlar para los usuarios registrados solo puedan iniciar sesión en un solo dispositivo simultáneamente  o tener solo una sesión abierta. 

mikall
3 years ago
Reply to  Rakso

TRANSLATION:

Regards;

as it can be controlled so that registered users can only log in to a single device simultaneously or have only one session open.

Finn Alfred Olesen
Finn Alfred Olesen
2 years ago

When I Logout say’s Error You most login first.   Why?

14
0
Would love your thoughts, please comment.x
()
x