SessionStorage expiration time


I created authorization based on AuthenticationService with using SessionStorage.

Configured like:

    'session_config' => [
        'cookie_lifetime' => 60*60*24*30,     
        'gc_maxlifetime'     => 60*60*24*30,
		'remember_me_seconds' => 60*60*24*30,
		'use_cookies'	=> true,
		'cookie_secure'	=> true,
	'session_manager' => [
        'validators' => [
	'session_storage' => [
        'type' => SessionArrayStorage::class

and my session is valid during 30 days, but $this->authService->hasIdentity() starts returning null after one hour approximately, furthermore appropriate key in the $_SESSION array is absent.

Can someone, give me any information about expiration time for this storage and cleaning up mechanisms of its?

Hello and welcome to our forums! :smiley:

Neither the authentication service nor the session storage of laminas-authentication use the configuration of laminas-session on their own. So the important part here is how do you create your AuthenticationService object?

By invoking AuthenticationServiceFactory in config

use Interop\Container\ContainerInterface;
use Laminas\Authentication\AuthenticationService;
use Laminas\ServiceManager\Factory\FactoryInterface;
use Laminas\Session\SessionManager;
use Laminas\Authentication\Storage\Session as SessionStorage;
use Admin\Service\AuthAdapter;

 * The factory responsible for creating of authentication service.
class AuthenticationServiceFactory implements FactoryInterface
     * This method creates the Laminas\Authentication\AuthenticationService service
     * and returns its instance.
    public function __invoke(
        ContainerInterface $container,
        array $options = null
    ) {
        $sessionManager = $container->get(SessionManager::class);
        $authStorage    = new SessionStorage('Laminas_Auth', 'session', $sessionManager);
        $authAdapter    = $container->get(AuthAdapter::class);

        // Create the service and inject dependencies into its constructor.
        return new AuthenticationService($authStorage, $authAdapter);

Your factory looks good, actually.

But are you sure that 30 days and the remote address validator will work?

How I can verify if remote address validator works properly?