Introducing G2.ai, the future of software buying.Try now
  1. Home
  2. ...
  3. Website Security Software
  4. Cerber Security, Antispam & Malware Scan
  5. Cerber Security, Antispam & Malware Scan Discussions
  6. Wordpress User session duration - how derived ?
Keith C.
KC
Expand/Collapse Social Share Options

Wordpress User session duration - how derived ?

I have installed WP Cerber in the last week and have been looking at Sessions on the Dashboard. I see an Admin session that was created in Aug 2020 and Expires in Aug 2021. I see recent sessions that have an expiry of two days from creation. These are sessions created by me on my PC. The longer one from last Aug is actually one used by my wife. These sessions are all Admin users. I logged in on my phone over a 4G connection (not home router) and have a 14 day duration before expiry. How is the duration of the session or expiry date set ? Thanks, Keith.
2 comments
Looks like you’re not logged in.
Users need to be logged in to answer questions
Log In
Keith C.
KC
0
Greg - Thanks for your reply. It was only when I installed WP Cerber that I became aware of all the sessions that we had. There are only two unique users - both Admin. I have cleaned up and terminated all old sessions. We have logged out and logged back in on all active sessions and the duration is now set to a new value that I have set for cookie duration. So all looks as expected. They are deleted now, but we did have sessions with a 365 day duration. One thing I also changed was the Jetpack configuration "Allow users to log into this site using WordPress.com accounts". This was set and has now been disabled. I am not sure if this was a factor but it had been set some years ago and it is not a feature we want to use going forward.
deleteedit
Looks like you’re not logged in.
Users need to be logged in to write comments
Log In
Reply
Gregory M.
GM
Gregory M.
Keep moving forward
Expand/Collapse Options
Report a Concern
You need to know that any plugin can alter the default user sessions expiration time using any logic it has. A plugin can do it on a per-user or per-role basis. Or based on any other condition. For instance, Jetpack can set a different expiration time for WordPress.com accounts and leave the default one for the local website users.
deleteedit
Gregory M.
GM
Keep moving forward
0
By default, WordPress user sessions expire in 48 hours after logging in, or 14 days if you check the “Remember Me” box on the login form. You can specify your own value on the User Policies admin page. See "User session expiration time". There is no default value for this setting. If it's not specified, the default WordPress value is used. Note that the session expiration time can be set (altered) by another plugin.
deleteedit
Looks like you’re not logged in.
Users need to be logged in to write comments
Log In
Reply
Already have Cerber Security, Antispam & Malware Scan?

About Cerber Security, Antispam & Malware Scan

WP Cerber is a robust security solution that vigorously defends WordPress websites against hacker attacks, spam, and malware, while ensuring blazingly fast and reliable performance by design. Our spe
Discover More