How to set session timeout in Laravel?
Stefan Izdrail
Founder & Senior Architect · 2026-06-29
Title: Effectively Adjusting Session Timeouts in Laravel Applications
Body: Setting session timeouts is a crucial aspect of any web application's security measures. Enabling proper time limits on user sessions ensures that sensitive data remains protected and prevents unauthorized access to your application. As an experienced developer, you may find yourself looking for ways to customize session timeouts in Laravel, the PHP framework known for its expressive syntax and elegant design patterns. This comprehensive guide will walk you through how to set session timeout in Laravel, including code examples and best practices.
Firstly, you need to understand that by default, Laravel uses Redis as a session driver. However, if your application doesn't have Redis or you prefer another driver such as File or Array, here are the steps:
1. Enable your desired session driver in config/session.php:
- For Redis, simply uncomment the redis configuration section under 'default' and set the 'driver' to 'session.handler'.
- For File, change the value of 'driver' to 'file'.
- For Array, modify it to 'array'.
Be sure to update the connection details if you are using Redis or any other driver. This configuration allows you to set session timeouts without making significant changes in your codebase.
Now that you have chosen your preferred session driver and configured its settings, follow these steps:
2. Modify Laravel's default session timeout:
- Open the config/session.php file and locate the 'lifetime' key under each of the drivers. By default, it is set to 120 minutes, which corresponds to two hours. Adjust this value to your required time limit, such as 60 or 90 minutes:
- For Redis:
```php
'lifetime' => env('SESSION_LIFETIME', 120),
```
- For File or Array:
```php
'lifetime' => env('SESSION_LIFETIME', 120),
```
3. Use the config file to set a different lifetime for specific users or devices:
- Access the Laravel documentation for more information on how to utilize middleware, cookies, and request headers to customize session timeouts based on your application's needs.
4. Incorporate session timeout notifications:
- To ensure your users are aware of their session expiration, consider implementing session timeout notification emails or in-app messages. This will improve user experience while still maintaining security as a priority.
5. Monitor and securely handle expired sessions:
- Regularly check your application's log files for any error messages related to expired sessions. When you detect an issue, implement measures such as redirecting users to a login page or preventing access to sensitive data and functions.
With these steps in mind, you can confidently set session timeouts according to your Laravel application's requirements. Remember that proper security practices are essential for the seamless operation of any web application, and Laravel offers various options and tools to help you achieve this goal.
In conclusion, setting session timeouts in Laravel is achievable through a well-planned configuration process, adjusting the session driver's lifetime, implementing custom notifications for users, and ensuring security measures are in place for expired sessions. By following these best practices, your application will benefit from improved user experience while maintaining robust data protection.