Essence: Yii2 removes all cookies and sessions after a while, although the lifetime is 3600 * 24 * 30 * 12 - which is confirmed when viewing cookies in the browser. Removes both PHPSESSID and any other domain names.

My config:

'session' => [ 'class' => 'yii\web\Session', 'cookieParams' => ['httponly' => true, 'lifetime' => 3600*24*30*12], 'timeout' => 3600*24*30*12, 'useCookies' => true, ], 'request' => [ 'enableCookieValidation' => false, 'enableCsrfValidation' => true, 'cookieValidationKey' => 'секретка', ],

Validation disabled because I tried to set via setcookie directly. The moment of removal could not be traced, but it comes some time after the client’s inactivity, approximately 20 minutes.

I also found out that all cookies are deleted if manually removing PHPSESSID.

  • все куки и сессии удаляет через некоторое время - So the session should be deleted when the browser is closed according to the idea - Yury Svetlov
  • 2
    Where to spin your application yii2? A separate server or hosting, on the machine which it is possible to host other people? Generally, if there are several sites on the hosting, then the cookie settings can clear cookies on all sites on the server. To prevent this from happening, you must specify a folder for cookies. - IVsevolod

1 answer 1

Maybe it's not yii .
This behavior occurs because the session.cookie_domain php.ini parameter is incorrect or missing, which can be set:

 session.cookie_domain = ".site.com"

Or:

 ini_set('session.cookie_domain', '.site.com' );