Session handling

Server settings

An administrator can change the following settings in 'Session Handling' in the Site administration.

Once someone logs in to your Moodle server, the server starts a session. The session data allows the server to track users as they access different pages.


Contents


Use database for session information

Moodle needs to store the session data in some storage. By default either file or database session storage is selected, this option allows admin to change it. Large installation should use memcached driver described below.

Note that this option disappears after setting the $CFG->session_handler_class in config.php file.


Timeout

If users don't load a new page during the amount of time set here, Moodle will end their session and log them out.

Be sure this time frame is long enough to cover the longest test your teachers may offer. If a student is logged out while they are taking a test, their responses to the test questions may be lost.


Cookie prefix

Most of the time, we can leave this blank, unless we are running more than one Moodle site on the same server. In this case, we will want to customize the name of the cookie each Moodle site uses to track the session. This enables us to be logged into more than one Moodle site at the same time.

Note: If you change "Cookie prefix" or "Cookie path" we will need to login again as the changes take effect immediately.


Cookie path

The relative path to this Moodle installation, this may be used to force sending of Moodle session cookie to parent directories. Invalid values are ignored automatically.


Cookie domain

This can be used to send session cookies to higher domains instead of just the server domain. This may be useful for some SSO solutions. Invalid values are ignored automatically.


Session drivers

User sessions may be stored in different backends. Session drivers can be configured only in config.php file - see examples in config-dist.php file.


Memcached session driver

The Memcached session driver is the fastest driver. It requires external memcached server and memcached PHP extension. Server cluster nodes must use shared session storage.

Configuration options in config.php:

$CFG->session_handler_class = '\core\session\memcached';
$CFG->session_memcached_save_path = '127.0.0.1:11211';
$CFG->session_memcached_prefix = 'memc.sess.key.';
$CFG->session_memcached_acquire_lock_timeout = 120;
$CFG->session_memcached_lock_expire = 7200;       // Ignored if memcached extension <= 2.1.0

Notes:

For windows users, PHP.net only supplies binaries for memcache, (and not memcached). (http://windows.php.net/downloads/pecl/releases/)

(As of 2.7, two different contribs exist for memcache session handling - see MDL-42011 - it seems the OU one doesn't use prefix/lock_expire for some reason... possibly better to use the catalyst patch, where the only difference to the above config.php is the spelling of memcache(d).)


File session driver

This driver is used by default in new installation.

Configuration options in config.php:

$CFG->session_handler_class = '\core\session\file';
$CFG->session_file_save_path = $CFG->dataroot.'/sessions';

Notes:


Database session driver

This type of driver was used by default in Moodle 2.0-2.5.

$CFG->session_handler_class = '\core\session\database';
$CFG->session_database_acquire_lock_timeout = 120;

Notes:


Redis session driver

Configuration options in config.php:

$CFG->session_handler_class = '\core\session\redis';
$CFG->session_redis_host = '127.0.0.1';
$CFG->session_redis_port = 6379;  // Optional.
$CFG->session_redis_database = 0;  // Optional, default is db 0.
$CFG->session_redis_prefix = ''; // Optional, default is don't set one.
$CFG->session_redis_acquire_lock_timeout = 120;
$CFG->session_redis_lock_expire = 7200;


See also