App\Config\Session.php

check for lifetime...

you can also set...

Cookie::make('name', 'value', 60); // 1 hr

Native PHP session support was dropped starting in Laravel 4.1

To configure session lifetime edit app/config/session.php and set the following:

/* if this is set to 'native' it will use file.
   if this is set to 'array' sessions will not persist across requests
   effectively expiring them immediately.
*/ 
'driver' => 'file'

/* number of minutes after which the session is available for Laravel's
   built in garbage collection.
   Prior to 4.1 you could set this to zero to expire sessions when
   the browser closes. See the next option below.
*/
'lifetime' => 60

/* If true sessions will expire when the user closes the browser.
   This effectively ignores your lifetime setting above.
   Set to false if you want Laravel to respect the lifetime value.
   If your config file was written before 4.1 you need to add this.
*/
'expire_on_close' => false,

References:

• Discussion of why native PHP sessions were dropped. (because it automatically adds cookie information to headers which requires a lot of work for frameworks to get around if they want to completely wrap the request/response)
• Other Laravel session drivers
• Addition of expire_on_close config option discussed in Laravel 4.0 to 4.1 upgrade guide

Run artisan changes 4.1.* at the command line to see the note about the native session driver being equivalent to file

$ artisan changes 4.1.* | grep -i native
-> Native session driver has been replaced by 'file'. Specifying 'native' driver will just use the new file driver.

Check your php.ini, it has a value for session.gc_maxlifetime (and also session.cookie_lifetime) that sets a limit on how long PHP will allow sessions to last. When Laravel sets the options, it passes cookie_lifetime as the value set in app/config/session.php.

However, sessions are not expired immediately after the max lifetime is reached. What happens is after that amount of time has passed the session is then available to be removed by the garbage collector.

To solve the issue

One workaround is to check your php.ini file. You may have this variable defined: session.gc_maxlifetime. By default it is set to 1440. Just comment or delete it.

From this time on you session may work properly using your session.php config values.

In app/config/session.php you have:

lifetime

option that allow you to set session expire time in minutes (not in seconds)

'lifetime' => 60,

means that session will expire after an hour.

There is also one more setting here:

'expire_on_close' => true,

that decides if session will be expired when browser will be closed.

Other settings you could get interested is also php.ini values of:

session.cookie_lifetime = 0

and

session.gc_maxlifetime = 1440

Those are default values.

The first one means how long session cookie will be stored - default value is 0 (until browse is closed). The second option means after how many of seconds PHP may destroy this session data.

I said may because there is one other option session.gc_probability in php.ini file that decides what's the chance of running garbage collector. Be default there is only 1% chance that after 1440 seconds (24 minutes) this session data will be destroyed.