Fix a session that expires fast

We'll find the session timeout in server config, session store, or cookie—and fix it, or identify when a load balancer or proxy is dropping sessions.

Category: Troubleshooting · Home maintenance
Time: 15–30 min
What you'll need
  • Access to the server or app config
  • Knowledge of the session store (memory, Redis, database)

Step-by-step diagnostic


Steps

Goal: Find and fix the session timeout in server config, session store, or cookie—or identify when a load balancer is dropping sessions.

  • Note when the user is logged out: after a fixed time (e.g. 5 min), on page refresh, or when the browser closes.
  • Good: Fixed time—check server timeout and store. Proceed to Fix server timeout.
  • Bad: On refresh—check load balancer and shared store. Proceed to Fix session store.

Confirm the expiry pattern

Goal: Understand when the session expires so you know which layer to fix.

  • Fixed time: server timeout or store TTL. Refresh: session not persisting (load balancer, store). Browser close: session cookie with no maxAge.
  • Good: You know the pattern. Proceed to the matching fix path.

Fix server timeout

Goal: Increase the session timeout in the app config.

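  • Find the session config: PHP session.gc_maxlifetime, Express session.cookie.maxAge, Django SESSION_COOKIE_AGE, etc. Increase the value (e.g. 3600000 for 1 hour where the setting is in milliseconds, as with Express maxAge; session.gc_maxlifetime and SESSION_COOKIE_AGE are in seconds).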
  • Set the session cookie maxAge to match. A session cookie with no maxAge is deleted when the browser closes.
  • Restart the app and retest. You should see the session last as long as configured.
  • Good: Session lasts as expected. Bad: Still expires—check the session store TTL.

Fix session store

Goal: Ensure the session store TTL matches or exceeds the session timeout.

  • If you use Redis, Memcached, or a database, check the store TTL. Ensure it is at least as long as the session timeout.
  • If sessions expire on refresh and you use a load balancer, enable sticky sessions or use a shared session store so all servers see the same session.
  • Good: Session persists. Bad: Cannot change load balancer—contact infrastructure support.
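
The checks in the steps above can be combined into one comparison: the session ends at whichever layer has the shortest lifetime. This added example (not part of the original guide) takes the server timeout, the store TTL, and the Set-Cookie header seen in DevTools, and reports the limiting layer. The function names and sample values are constructed for illustration.

```javascript
// Added example with constructed values. All lifetimes are normalised to seconds:
// convert Express cookie.maxAge (milliseconds) before passing it in.

// Lifetime of a Set-Cookie header value in seconds, or null for a
// session cookie (no Max-Age and no Expires: deleted when the browser closes).
function cookieLifetimeSeconds(setCookie, now = new Date()) {
  const attrs = new Map();
  for (const part of setCookie.split(';').slice(1)) {
    const [name, ...rest] = part.trim().split('=');
    attrs.set(name.toLowerCase(), rest.join('='));
  }
  // Max-Age takes precedence over Expires when both are present.
  if (attrs.has('max-age')) return parseInt(attrs.get('max-age'), 10);
  if (attrs.has('expires')) {
    return Math.round((Date.parse(attrs.get('expires')) - now.getTime()) / 1000);
  }
  return null;
}

// Compare the three layers and name the one that ends the session first.
function diagnose({ serverTimeoutSeconds, storeTtlSeconds, setCookie, now }) {
  const cookie = cookieLifetimeSeconds(setCookie, now);
  const layers = [
    { layer: 'server timeout', seconds: serverTimeoutSeconds },
    { layer: 'store TTL', seconds: storeTtlSeconds },
  ];
  if (cookie !== null) layers.push({ layer: 'cookie', seconds: cookie });
  layers.sort((a, b) => a.seconds - b.seconds);
  return {
    limitingLayer: layers[0].layer,
    effectiveSeconds: layers[0].seconds,
    endsOnBrowserClose: cookie === null,
  };
}

// Constructed case: app and cookie set to 1 hour, store TTL left at 5 minutes.
const sample = {
  serverTimeoutSeconds: 3600,
  storeTtlSeconds: 300,
  setCookie: 'sid=constructed123; Max-Age=3600; Path=/; HttpOnly',
};
console.log(diagnose(sample));
```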

When to get help

  • You have adjusted timeout, store, and cookie and the session still expires too fast. Capture the session config, store type, and load balancer setup. Contact backend or infrastructure support.
  • The session expires on refresh and you cannot enable sticky sessions or a shared store. Escalate to infrastructure.

Verification

  • The session lasts for the configured duration (e.g. 1 hour) without logging the user out.
  • The session persists across page refresh when using a shared store or sticky sessions.
  • The session cookie in DevTools has an Expires attribute when maxAge is set.

Escalation ladder

Work from the device outward. Stop when the problem is fixed.

  1. Confirm pattern: Note when the session expires (fixed time, refresh, browser close).
  2. Server timeout: Increase session timeout in app config (session.gc_maxlifetime, maxAge, etc.).
  3. Session store: Check session store TTL (Redis, database) and ensure it matches.
  4. Cookie maxAge: Set session cookie maxAge for long-lived sessions.
  5. Load balancer: Enable sticky sessions or use shared session store.
  6. Contact support: Escalate with config, store type, and load balancer setup.

What to capture if you need help

Before calling support or posting for help, have these ready. It speeds everything up.

  • Session timeout value in app config
  • Session store type and TTL
  • Load balancer type and sticky sessions
  • Cookie maxAge from DevTools
  • Steps already tried

Does the session expire after a fixed time or on refresh?

Fixed time points to server timeout or store TTL. Refresh points to session not persisting (load balancer, store).

Note when the user is logged out: after X minutes, on page refresh, or when the browser closes. Good: Fixed time (e.g. 5 min)—check server timeout and store. Bad: On refresh—check load balancer and shared store.


Is the server session timeout too low?

Check session.gc_maxlifetime, session.cookie.maxAge, SESSION_COOKIE_AGE, or equivalent in your framework.

Find the session timeout in your app config. Increase it (e.g. 3600000 ms for 1 hour). Restart the app. Good: timeout increased and session lasts longer. Bad: still expires—check the session store TTL.


Increase session timeout and cookie maxAge

Set the session timeout in the app config. Set the session cookie maxAge to match. Restart and retest. Good: session lasts as expected. Bad: session store TTL may be shorter—check Redis or database.

Is the session store TTL too short?

Redis and other stores have TTL. Ensure it matches or exceeds the session timeout.

Check the session store TTL. Redis: check the key TTL. Ensure it is at least as long as the session timeout. Good: TTL fixed. Bad: session expires on refresh—check sticky sessions or shared store.

Use sticky sessions or shared session store

When sessions expire on refresh, the load balancer may be sending requests to different servers with no shared session.

Enable sticky sessions on the load balancer, or use a shared session store (Redis, database) so all servers see the same session. Good: session persists across refresh. Bad: cannot change load balancer—contact infrastructure support.
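
The "expires on refresh" pattern can be reproduced in a small model. This added example (not part of the original guide) simulates two app servers behind a load balancer and counts how many refreshes still find the session under three setups: in-memory stores with round-robin, in-memory stores with sticky routing, and a shared store with round-robin. The classes, the hash used for stickiness, and the session ID are constructed for illustration.

```javascript
// Added example: a constructed model, not a real load balancer or session library.
class AppServer {
  constructor(store) { this.store = store; } // store: Map of sessionId -> data
  login(sessionId, user) { this.store.set(sessionId, { user }); }
  isLoggedIn(sessionId) { return this.store.has(sessionId); }
}

// Round-robin: each request goes to the next server in turn.
function roundRobin(servers) {
  let i = 0;
  return () => servers[i++ % servers.length];
}

// Sticky: the same session ID always maps to the same server.
function sticky(servers) {
  return (sessionId) => {
    let h = 0;
    for (const ch of sessionId) h = (h * 31 + ch.charCodeAt(0)) >>> 0;
    return servers[h % servers.length];
  };
}

// Log in once, then refresh n times; return how many refreshes were still logged in.
function refreshesStillLoggedIn(pick, sessionId, n) {
  pick(sessionId).login(sessionId, 'alice');
  let ok = 0;
  for (let r = 0; r < n; r++) {
    if (pick(sessionId).isLoggedIn(sessionId)) ok++;
  }
  return ok;
}

function runScenarios(sessionId = 'sid-constructed-1', n = 4) {
  const perServer = () => [new AppServer(new Map()), new AppServer(new Map())];
  const shared = new Map(); // stands in for Redis or a database
  return {
    memoryRoundRobin: refreshesStillLoggedIn(roundRobin(perServer()), sessionId, n),
    memorySticky: refreshesStillLoggedIn(sticky(perServer()), sessionId, n),
    sharedRoundRobin: refreshesStillLoggedIn(
      roundRobin([new AppServer(shared), new AppServer(shared)]), sessionId, n),
  };
}

console.log(runScenarios());
```

With in-memory stores and round-robin, only the refreshes that happen to land on the server that handled the login find the session; the other two setups find it every time.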

Reviewed by Blackbox Atlas

Frequently asked questions

Why would a session expire too quickly?
Common causes: low session timeout in server config, session store TTL (e.g. Redis), session cookie with no maxAge (browser cookie), or load balancer without sticky sessions or shared store. Check each layer.
What is the difference between session timeout and cookie maxAge?
Session timeout is server-side: how long the server keeps the session. Cookie maxAge is client-side: how long the browser keeps the cookie. Both must be long enough. A session cookie (no maxAge) is deleted when the browser closes.
Can a load balancer cause session expiry?
Yes. If the load balancer does not use sticky sessions and the app stores sessions in memory, each request may hit a different server with no session. Use a shared session store (Redis, database) or enable sticky sessions.
