I have an AJAX worker they is called a API url every second. After 250-300 seconds, I don't get a valid response or a profile-token in case of the user was logged out. I have already configured the cookie_lifetime to 0 but it made no difference. Here's also my security.yml:
firewalls:
main:
pattern: ^/
anonymous: true
form_login:
login_path: /home
logout:
path: logout
handler: app.custom_logout
target: /home
The weird thing is, it seems completely random when a session expires. I have also reached over 1000 AJAX calls and on the other side only 300 calls.
I hope any one of you can help me.
PS: The AJAX calls are not only a JSON response, there are full generated twig templates (including a profiler).
I've found an answer for my question by myself.
You need to configure the gc_divisor, gc_probability and gc_maxlifetime. For example:
session:
cookie_lifetime: 0
gc_divisor: 10000
gc_probability: 1
gc_maxlifetime: 604800
After this configuration in your config.yml the chance that your session expire (because you have set cookie_lifetime to a specific time) is equal to zero.
Also have a look to the Symfony documentation of sessions: http://symfony.com/doc/current/reference/configuration/framework.html#session