Best Way to handle Session Expiration

This post says that session management has been rewritten in DF2, so what is the best way now to set session duration for native android apps(other than browser).

The post mentions duration field doesn’t work in android apps. I tried setting gc_maxlifetime in php.ini file to its max value of 65535 but my session expires after 30minutes or so.

Sessions are no longer managed by PHP in 2.0, so gc_maxlifetime and other PHP settings will have no effect.

Sessions are managed using JSON Web Tokens. Here is full documentation on JWT.

Here is some of the documentation we’ve worked up thus far for 2.0:

As covered in the docs above, your DreamFactory instance respects the TTL and refresh TTL you set in your .env file. In Bitnami’s beta-3, these are set by default to:


The values are minutes. You may configure as desired.

Finally, we have implemented the ability to have a “forever session” similar to Facebook, where you’re logged in on a device until you’re explicitly logged out. This is enabled in your .env file using the DF_ALLOW_FOREVER_SESSIONS setting:


If this is enabled in .env then a user who does a POST /api/v2/user/session with

  "email": "",
  "password": "password",

will have a valid session indefinitely or until he DELETE /api/v2/user/session.

1 Like

Thanks! that makes a lot of sense. Once the wiki is complete it will make life easier for you and me for such trivial questions :wink:

1 Like