Hi,
This is a short post about an issue my team faced because I missed something crucial.
Context -
I had migrated the phpMyAdmin auth from LDAP to Entra-based authentication. The migration was successful and everything seemed to work as expected. A session timeout issue was later reported 3 days after this migration.
Solution -
This was a simple migration and the solution was direct: just add the session timeouts. But how do you make sure you have found the real cause of the session timeout?
- You need to understand the exact reason for the session timeout: is it phpMyAdmin's internal session, or is it because of the OIDC settings?
The file paths are subject to change. If you're on Nginx or a containerized setup, none of these file paths apply, so check the file paths first.
- Check the session timeout in phpMyAdmin
  - The variable to check: LoginCookieValidity
  - The file to check: config.inc.php
  - You will have to locate this file for your app; the common path is /etc/phpmyadmin/config.inc.php
  - You need to check the line $cfg['LoginCookieValidity'] = 1440; (this is the default TTL, i.e. 1440 seconds / 60 = 24 mins)
- Check the OIDC session timeout
  - The parameter to check: OIDCSessionInactivityTimeout
  - This belongs to the mod_auth_openidc module, an OpenID Connect relying party module for the Apache HTTP Server.
  - The file to check: auth_openidc.conf
  - The file path may differ depending on the server, operating system, and host/vhost setup.
  - If no timeout value is set in the configuration, the default value applies, i.e. 300 s / 60 = 5 minutes
You have to answer the question: how long are you idle before getting timed out (about 5 minutes, about 25 minutes, or longer)? And does it kick you back to the Microsoft login page, or to the phpMyAdmin login form?
- Your answer decides whether we have to change the TTL of Microsoft Entra OIDC or of phpMyAdmin.
- If the issue is found with OIDC, open your config file and add the lines below to the OIDC configuration:

  ```
  # Set the idle session timeout to 30 minutes (1800 seconds)
  OIDCSessionInactivityTimeout 1800
  # Frequently paired with max session duration (e.g., 8 hours max)
  OIDCSessionMaxDuration 28800
  ```
- If the issue is found with phpMyAdmin, edit the config file, commonly at /etc/phpmyadmin/config.inc.php. Change the line below to your TTL value (note that here 7200 s / 60 = 120 minutes, i.e. 2 hrs):

  ```
  $cfg['LoginCookieValidity'] = 7200;
  ```
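
An added example, not code from the original post: a shell check that reads both config files and reports which idle timeout fires first, falling back to the defaults quoted above when a setting is absent or commented out. The function names and the sample file contents are assumptions made for illustration; pass your real paths.

```shell
#!/bin/sh
# Added example: which idle timeout fires first, phpMyAdmin's or mod_auth_openidc's?
# Defaults are the values stated in the post; file paths are passed in by the caller.
PMA_DEFAULT=1440    # LoginCookieValidity default (seconds)
OIDC_DEFAULT=300    # OIDCSessionInactivityTimeout default (seconds)

# Print the last active (uncommented) LoginCookieValidity value, or the default.
pma_timeout() {
    v=$(sed -nE "s/^[[:space:]]*\\\$cfg\[['\"]LoginCookieValidity['\"]][[:space:]]*=[[:space:]]*([0-9]+).*/\1/p" "$1" 2>/dev/null | tail -n 1)
    echo "${v:-$PMA_DEFAULT}"
}

# Print the last active OIDCSessionInactivityTimeout value, or the default.
oidc_timeout() {
    v=$(sed -nE 's/^[[:space:]]*OIDCSessionInactivityTimeout[[:space:]]+([0-9]+).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    echo "${v:-$OIDC_DEFAULT}"
}

# Usage: first_to_expire <config.inc.php> <auth_openidc.conf>
# Prints "<layer> <seconds>" for the layer whose idle timeout is shortest.
first_to_expire() {
    pma=$(pma_timeout "$1")
    oidc=$(oidc_timeout "$2")
    if [ "$oidc" -lt "$pma" ]; then
        echo "oidc $oidc"          # user lands on the Microsoft login page
    elif [ "$pma" -lt "$oidc" ]; then
        echo "phpmyadmin $pma"     # user lands on the phpMyAdmin login form
    else
        echo "both $pma"
    fi
}

# Constructed sample configs (not from a real server): TTL raised in phpMyAdmin,
# OIDC timeout left commented out, so the 300 s default still applies.
demo_dir=$(mktemp -d)
printf '%s\n' '<?php' "// \$cfg['LoginCookieValidity'] = 9999;" "\$cfg['LoginCookieValidity'] = 7200;" > "$demo_dir/config.inc.php"
printf '%s\n' 'OIDCProviderMetadataURL https://idp.example/.well-known/openid-configuration' '#OIDCSessionInactivityTimeout 1800' > "$demo_dir/auth_openidc.conf"
first_to_expire "$demo_dir/config.inc.php" "$demo_dir/auth_openidc.conf"   # oidc 300
rm -rf "$demo_dir"
```

phpMyAdmin's documentation also notes that PHP's session.gc_maxlifetime can limit session validity, so it should be at least as large as LoginCookieValidity.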
After making changes to the config files, make sure you do the following:
- Validate that they are syntactically correct.
- Reload or restart the affected services. In the case of Apache, you can use the commands below to check the syntax and reload:

  ```
  apachectl configtest
  systemctl reload apache2
  systemctl status apache2
  ```
- Check the status of the affected services.
- Cross-validate internally whether the issue is resolved or still persists.
Final Words
- Before starting any migration, make sure you take a backup of the required configuration files and applicable data to aid in rollback in case of any failure.
- Always create a plan and get it approved by your experienced peers or any AI companion, to find the missing pieces before hitting production.
- Never risk a production config setup by comparing it with the non-production environments. Most companies keep things simple in non-prod to avoid complications during development of the application, while production can be a completely complex structure.
Hope you find this helpful.