You have the correct settings for the session manager, but this is not enough for these session settings to be used as the default one.

My assumption is that you do not make this session manager your default one. In order to make it, you need to instantiate it as early as possible. One solution would be to do this is in module Module.php

use Zend\Mvc\MvcEvent;
use Zend\Session\SessionManager;

class Module
{
    //...

    /**
     * This method is called once the MVC bootstrapping is complete. 
     */
    public function onBootstrap(MvcEvent $event)
    {
        $application = $event->getApplication();
        $serviceManager = $application->getServiceManager();

        // The following line instantiates the SessionManager and automatically
        // makes the SessionManager the 'default' one.
        $sessionManager = $serviceManager->get(SessionManager::class);
    }
}

Reference

EDIT: My 2nd assumption is that you use the global path for your sessions(eg /var/lib/php/sessions).

In Debian, there is a cron that may clear sessions according to your php.ini session settings(/etc/cron.d/php).

This cron uses your php.ini "gc_maxlifetime" and probably clears your sessions.

To find out where your sessions are saved, use session_save_path(). Check that directory for your sessions.

To overcome this, you should set "save_path" and this path should not be shared with others applications or scripts on your server(you do not want another script using the global gc settings or its own, deleting your sessions).

Add

'save_path'           =>   '/path/to/app/data/sessions'

in your 'session_config' array.