Laravel 10 Handle Session Timeout in Application

Reading Time: 5 minutes

Session management is a critical component of online application development, as it ensures security, user experience, and resource optimisation. In Laravel 10, determining how long user sessions remain active and accessible is critical for balancing security and user comfort.

We will walk you through the process of working with session timeouts in Laravel 10 in this article. To maintain secure and seamless user experiences, we will look at how to establish session settings, manage session timeouts, and handle user interactions.

Read More: Laravel 10 Seed Database Using Faker Library Tutorial

Let’s get started.

Laravel Installation

Open terminal and run this command to create a laravel project.

composer create-project laravel/laravel myblog

It will create a project folder with name myblog inside your local system.

To start the development server of laravel –

php artisan serve


Assuming laravel already installed inside your system.

What is Session Timeout?

The duration of inactivity after which a user’s session on a computer system, website, or application is automatically terminated is referred to as the session timeout. When a person interacts with a system (for example, by login into a website), a session is formed to keep their state and allow them to perform tasks without having to re-authenticate.

However, sessions are frequently scheduled to expire after a particular period of inactivity for security concerns. This helps to prevent unauthorised access and keeps critical information safe. When a session timeout occurs, the user must normally log back in to resume their actions.

Laravel Default Session Timeout

Open .env file from application root.

You will see you have an environment variable available to set it’s timeout value.


This 120 value is in minutes. The given line means if system is idle for 2 hours then session will be automatically destroyed.

Change Session Timeout Period

In an year, total minutes is equals to

60 * 24 * 365 = 525600

60 (an hour minutes), 24 (a day hours), 365 (a year days)

Read More: Laravel 10 How To Generate UUID Tutorial

Update .env file with this new value.


This 525600 value is in minutes. The given line means if system is idle for a year then session will be automatically destroyed.

How Environment Variable Works?

Each value of .env file i.e environment variables are accessible at any point of application by using global helper function env().

Open session.php from /config folder. Search for lifetime

You will see something like this,

'lifetime' => env('SESSION_LIFETIME', 120),

Application uses this lifetime key inside application for session timeout.

env(‘SESSION_LIFETIME’, 120) env function is searching SESSION_LIFETIME variable inside .env file, if it exists then it’s value will be used to session timeout value else default 120 value which is second parameter in env() will be used.

If we pass direct value to session.php, also it works same what we have done with .env

# .env


# session.php
'lifetime' => 525600,

Read More: Laravel 10 Read JSON File Example Tutorial

Additionally, if you want to destroy session on browser close simply set this value to true in session.php

'expire_on_close' => true,

We hope this article helped you to learn about Laravel 10 Handle Session Timeout in Application in a very detailed way.

Online Web Tutor invites you to try Skillshike! Learn CakePHP, Laravel, CodeIgniter, Node Js, MySQL, Authentication, RESTful Web Services, etc into a depth level. Master the Coding Skills to Become an Expert in PHP Web Development. So, Search your favourite course and enroll now.

If you liked this article, then please subscribe to our YouTube Channel for PHP & it’s framework, WordPress, Node Js video tutorials. You can also find us on Twitter and Facebook.