Guides & TutorialsSecuritySecurity SettingsIncreasing the time until logout

Increasing the time until logout


After a period of inactivity without navigating between pages within WHMCS, the system will automatically log admins and users out of WHMCS. This period of time is the login session length.

Your server's PHP configuration's session.gc_maxlifetime value defines the login session length in seconds. The default value is 1440 seconds (24 minutes).

After a login session has been inactive for longer than the defined length of time, PHP marks it as garbage. PHP's garbage collection will delete the login session file. This logs the user or admin out of WHMCS. They must log in again before making any further changes.

Increasing the login session length

To increase the login session length, edit the php.ini configuration file on your server to increase the session.gc_maxlifetime  variable to the desired login session length in seconds.

Some server configurations allow you to change the PHP configuration for WHMCS by creating a php.ini file within the WHMCS directory. In that situation, you could add the following line:


This will increase the login session length to a minimum of one hour.

Contact your hosting provider or system administrator for help customizing your server's PHP configuration.

Multiple PHP Scripts

According to PHP's documentation, if multiple scripts store their login session files to the same session.save_path location, PHP will use the shortest login session length. Because of this, if there are multiple PHP scripts on the same hosting account as WHMCS, one may override the value in the php.ini file with a shorter length.

If you observe sessions ending quicker than the defined session lifetime, we recommend separating other PHP scripts out from WHMCS. This will ensure that the system uses the PHP-defined login session lifetime setting.