Best Way to handle Session Expiration

Sessions are no longer managed by PHP in 2.0, so gc_maxlifetime and other PHP settings will have no effect.

Sessions are managed using JSON Web Tokens. Here is full documentation on JWT.

Here is some of the documentation we’ve worked up thus far for 2.0:

As covered in the docs above, your DreamFactory instance respects the TTL and refresh TTL you set in your .env file. In Bitnami’s beta-3, these are set by default to:

DF_JWT_TTL=60
DF_JWT_REFRESH_TTL=120

The values are minutes. You may configure as desired.

Finally, we have implemented the ability to have a “forever session” similar to Facebook, where you’re logged in on a device until you’re explicitly logged out. This is enabled in your .env file using the DF_ALLOW_FOREVER_SESSIONS setting:

DF_ALLOW_FOREVER_SESSIONS=true

If this is enabled in .env then a user who does a POST /api/v2/user/session with

{
  "email": "user@domain.com",
  "password": "password",
  "remember_me":true
}

will have a valid session indefinitely or until he does a DELETE /api/v2/user/session.

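A way to review these session settings before deployment, as an added example that is not part of the original post or of DreamFactory's code: it parses .env text, lists findings, and classifies a session by minutes since login. The policy limits and the function names are hypothetical, and counting the refresh TTL from login is an assumption.

```python
# Constructed sample; the keys and values are the ones quoted in the post.
SAMPLE_ENV = """\
DF_JWT_TTL=60
DF_JWT_REFRESH_TTL=120
DF_ALLOW_FOREVER_SESSIONS=true
"""

def parse_env(text):
    """Return KEY -> value for KEY=VALUE lines; skips blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(settings, max_ttl=60, max_refresh_ttl=1440):
    """List findings. The two limits are hypothetical policy values (minutes)."""
    findings = []
    for key, limit in (("DF_JWT_TTL", max_ttl), ("DF_JWT_REFRESH_TTL", max_refresh_ttl)):
        value = settings.get(key)
        if value is None:
            findings.append(f"{key} is not set in this file")
        elif not value.isdigit():
            findings.append(f"{key}={value!r} is not a whole number of minutes")
        elif int(value) > limit:
            findings.append(f"{key}={value} exceeds policy limit of {limit} minutes")
    if settings.get("DF_ALLOW_FOREVER_SESSIONS", "").lower() == "true":
        findings.append("DF_ALLOW_FOREVER_SESSIONS=true: remember_me logins "
                        "stay valid until DELETE /api/v2/user/session")
    return findings

def session_state(settings, age_minutes, remember_me=False):
    """Classify a session by minutes since login.
    Assumption: the refresh TTL is counted from login, like the TTL."""
    forever = settings.get("DF_ALLOW_FOREVER_SESSIONS", "").lower() == "true"
    if forever and remember_me:
        return "indefinite"
    if age_minutes < int(settings["DF_JWT_TTL"]):
        return "active"
    if age_minutes < int(settings["DF_JWT_REFRESH_TTL"]):
        return "refreshable"
    return "expired"

if __name__ == "__main__":
    cfg = parse_env(SAMPLE_ENV)
    print(audit(cfg), [session_state(cfg, age) for age in (30, 90, 150)])
```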