Can someone explain in detail the steps to increase the max session timeout to something greater than 4 hours? The drop down option in the SERVER - SESSION HANDLING screen, has a max of 4 hours. I'd like to make it 24 hours. I made a change to the sessiontimeout record in the mld_config table, but it did not work. Is there anything else I need to do?
I've not tried it (!) but in your config.php file, add the line
$CFG->sessiontimeout = 24 * 60 * 60; // 1 day in seconds
...this will override the setting in the admin pages. I can't help thinking that 24 hours is rather a lot.
If $CFG->sessiontimeout in config.php won't work for you then you have to do it from code.
1. Open the file moodle/lib/classes/session/manager.php.
2. find the prepare_cookies function.
3. then change session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $cookiesecure, $CFG->cookiehttponly);
session_set_cookie_params(86400, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $cookiesecure, $CFG->cookiehttponly); //for 24 hours
We'll it turned out that we will increase that to about 6 hours instead of the 24. But after further research, it seems that this sessions timeout is getting ignored. We are using Moodle on IIS, PHP, MySQL and using AICC to a separate content server. Our courses have multiple modules and when a user launches a course and sits idle for 30 minutes, the LMS session times out. We've confirmed it is not IIS nor the content server since we've tested the same courses on SCORM Cloud and it does not time out. Does Moodle have other areas that could be causing this time-out at 30 minutes?
Does it happen using Moodle NOT using AICC content? For example, if you open a page for editing and leave it for (say) an hour and then save. What happens?
Are you *sure* that the session timeout is set correctly? Is this being reported properly on the settings page (even if you've set it in config.php)?
The session timeout depends on cookies, so you should be able to check the Moodle cookies in your browser. There should be two (IIRC) - one for remembering the username and the other for the Moodle session. The lifetime is set here. So, it's possible that a browser plugin or some firewall madness could be behind this.
Did anyone ever figure this out? The 4-hour max session is far too short for our students. (As it appears this is also the case for many other people and organizations.)
Does anyone know if simply adding the following to config.php will do the trick?
$CFG->sessiontimeout = [some int val];
You can try it, but it probably will not work. The name, sessiontimeout, is a Moodle configuration setting found in the mdl_config table. If you try to set it for more than 14400 (4 hours) with something like phpMyAdmin, then purge caches and go look at Site administration, search for, sessiontimeout, it will warn you, Invalid current value, show you the invalid value, and then in the setting box it will change it to the default 2 hours.
@Ryan .. if you have vr. 3.5/6.x could try this:
php cfg.php --help
[root@server cli]# php cfg.php |grep timeout
php cfg.php --name=sessiontimeout --set=7500
where 7500 is the number of seconds you desire.
Dunno if it's temp or not ... search config tables to see if it 'sticks'. ;)
'spirit sharing', Ken
Thank you, Ken and Al, for your responses.
Ken, I'll give that a try (when I'm back to work). The primary "why" is that I get very regularly complaints from our students that the need to re-login multiple times a day is really frustrating and has lead to them losing their work. I really don't understand why the session timeout would be limited to only 4 hours. The only thing I can find anywhere is that there are "security concerns" which I find to be rather silly. What security concerns? I must be missing something. This isn't an online banking portal. What if everyone had to log into Gmail, Facebook or Instagram or any other site every single time you want to use it? People would use all those services a lot less. (In the case of social media that might not be a bad thing ;) but this is an LMS - we want max usage.)
Allowing students to stay logged in through at least the full day of class seems to me to be obvious. Every single hurdle/inconvenience in between our students and their progress with learning is a problem. And this constant need to log back in is a very regular inconvenience. One for which I see no need.
"security concerns" which I find to be rather silly ...
Hmmmm ... well, you can prove that by allowing (or figuring out a way) where your student sessions *never* time out ... always on ... always connected ... from any device ... from multiple devices ... from any location - uhhhh, I know Google checks and warns if it sees connections from devices not previously used ... does Moodle?
Must not do any maintenance during the academic year .... do your security updates live and without maintenance mode ... Hmmmm ... do a DB dump before that or during that? Should your DB server lock the DB while backing up?
Heck, if I were a student, would I be on/in Moodle all the time? Hey, student ... go get a life!
If I were a student, asking self, Is my success in life dependent upon what's in that Moodle? NO!
Sorry ... tongue in cheek here ... but ....
'spirit of sharing', Ken
If we keep tongue in mouth ;) out there is a wide world outside the academic world in private sector (and outside of british or american schooling system too...). And there a way longer session time is needed. Moodle isnt' just for schools, colleges and universities anymore - "moodle-dev" tries keep things in that way, though...
Maintenance, DB works etc has nothing to do with longer or long sessions. Or don't you have ever users middle of the night?
Anyway. $CFG->sessiontimeout = 86400 gives an error at session handling page but works.
Personally, I think 2 hours is really pushing it. You do realize that the time out setting is for 2 hours (or up to 4 hours) of NOT clicking on anything in Moodle? Makes me wonder what the student is doing if 4 hours is not enough.
Depending on who and where you are, it can cost your school a LOT of money. I remember reading of one incident in up-state New York, when I was actively teaching, where a school office worker left their desk while still logged in. A parent came in and started scanning through all the online student info available. Another parent came into the office and caught parent 1 reading records from parent 2's child. Parent 2 sued the school system and won a multi-thousand dollar settlement.
As a computer applications teacher, on more than one occasion, I caught student 2 "messing" with student 1's work, when the student 1's computer was left un-attended and still logged in. Had to buy monitoring/remote control software and change classroom procedures to prevent it from ever happening again.
I can understand the potential security problems in multi-user situations, but what about the rest of the world? That is an administrator's problem, not one which should be pushed onto the users' workload.
The world has moved on since this hurdle to efficient working was erected, and it needs to be removed (or at least modified).
Who should be the recepient of this suggestion?
What version of Moodle are you running?
Timeout default is 8 hours.
which admin can change
There is an option to set for weeks, days, hours, minutes and seconds
Now the next step is to get months and years as the unit of time.
My timeout had been set (years ago) to 2 hours, and I had no idea that it could be changed. I have now changed it to 1.5 days which will tide me over the monthly marking campaign.
Is it possible to have different settings for different classes of users?
Also in that setting page, it is possible to store information about current sessions (currently default = No). Does that apply to all users? Does that mean if I log out and re-login, my Moodle view will be set at the point at which I left it? At the moment when I re-login in the middle of a marking session, Moodle forgets all the settings about the group or which student I was marking, but does remember that I was marking Quiz 3 or Assignment 20.
Remember the setting is global ... all users .. not just you the admin/teacher but all ... including students.
"Is it possible to have different settings for different classes of users?"
No, don't think so.
"... my Moodle view will be set at the point at which I left it?"
Kinda depends on users browser ... cache/cookies etc.
Think modules like SCROM's can be programmed that way but most moodle activities are not SCORM's.
The guidance note on https://yoursite/admin/settings.php?section=sessionhandling
suggests that the user's Moodle view is held (or not) in a Moodle database, and should (?) be unaffected by my cookies on my PC.
Not having to login so frequently has reduced the urgency of this point.
I have a test site and I am trying to install a zipped plugin which takes me about 30-45 minutes to upload and as soon as I then click to go ahead and install from the zip, I get a timeout. This has happened several times, and every time I start again from scratch.
What do I change to allow it to install?