Magento 2 – change backend session timeout
One of the first things to do on every Magento live shop is to change backend session timeout. It is frustrating for a shop owner if he has to login every ten minutes. Most of our customers prefer backend session timeouts of about a day. With this he only needs to login once a day.
Magento 2 – change backend session timeout
Magento 2 offers you a backend option to set an admin session lifetime in seconds you like. Since Magento 2.1 this is combined with a browser session cookie, so a session is terminated if you close your browser. So if you set an nearly unlimited session timeout it can also run as long as your browser is open. This was done for security reasons.
You may set the value in: Stores->Settings->Configuration->Advanced->Admin->Security->Admin Session Lifetime
Valid values are between 60 (one minute) and 31536000 (one year). Both values are nonsense, but you will find a good value between. If you set this value to maximum, sessions may are stored one year. This may not be a good idea. My recommendation is to set it to one day (86400), or to maximum of a week (604800).
Database
You can also set this value directly in your database. For this change value for path admin/security/session_lifetime in your core_config_data table. There you can set the value also in seconds.
For such tasks a external database tool is a good idea. I can change such values in seconds. Most hosters only use phpmyadmin, and with login and password search this is much faster. If you do not have this possibility, you should use backend method instead.
Conclusion
A long session timeout is needed if you work a lot with Magento backend. Traders often want you to change backend session timeout if they are not changing products in a linked ERP program. It can be very frustrating to login every ten minutes.
