In Hestia Control Panel, the session timeout for the web UI is by default set to 60 minutes. To change the session timeout, you need to modify the configuration file responsible for the web interface session management, as this setting is not available in the standard Hestia web UI options directly.
Commonly, Hestia’s session timeout is controlled by PHP session settings since the panel runs on PHP. To extend or change the session timeout, you typically adjust PHP session directives such as session.gc_maxlifetime either in the PHP configuration or within custom configuration files used by Hestia.
Because Hestia does not have a direct UI option to set session timeout, the recommended approach is:
- Access the server via SSH.
- Locate the PHP configuration that Hestia is using (for example,
php.inior the PHP-FPM pool config for Hestia). - Increase the
session.gc_maxlifetimevalue to the desired timeout in seconds (default is often 3600 seconds for 60 minutes). - Restart the PHP-FPM service and the Hestia service to apply changes.
This method adjusts how long PHP sessions remain active before expiration, effectively changing the session timeout for the Control Panel login.
If automatic logout for inactivity still occurs sooner, the front-end or web server timeout may also need adjustments (e.g., Nginx or Apache timeout settings used by Hestia).
Summary:
- Default Hestia session timeout is about 60 minutes.
- Change PHP
session.gc_maxlifetimeto increase session duration. - Restart relevant services after configuration changes.
- No direct UI option in Hestia for session timeout change, manual config is required.
Where is the session timeout setting in HestiaCP server configuration? How to increase it?
- The HestiaCP web UI session timeout is controlled mainly by PHP session settings because Hestia runs on a PHP-based backend.
- The key setting is
session.gc_maxlifetimewhich defines how long PHP sessions remain active in seconds. - By default in Hestia, this is often set to 1440 seconds (24 minutes) in the PHP configuration specific to Hestia, typically found under
/usr/local/hestia/php/lib/php.inior the PHP-FPM pool config for the Hestia user. - To increase the timeout, edit this PHP
inifile or PHP-FPM pool config and increasesession.gc_maxlifetime(e.g., to 3600 for 1 hour or more). - After changing, restart PHP-FPM and Hestia services to apply the change.
How to change PHP session timeout for sites managed by HestiaCP?
- For individual user sites or domains, PHP settings can be customized by creating or editing
php.inior.user.inifiles inside the site’s document root. - Alternatively, you can create or modify PHP-FPM pool configurations (
/etc/php-fpm.d/) templates used by Hestia. - These overrides affect PHP script execution and session behavior such as
max_execution_time,max_input_time, andsession.gc_maxlifetime.
Persisting session timeout across HestiaCP updates or restarts
- Avoid directly editing default Hestia template files because updates or domain rebuilds may overwrite them.
- Instead, add custom configuration snippets in override files, e.g., create extra config files named like
apache2.ssl.conf_customornginx.conf_customin the domain’s configuration directory under/home/USERNAME/conf/web/DOMAIN/. - For PHP-FPM settings, create or modify custom pool templates if necessary and register them with Hestia.
- This ensures session timeout changes persist across updates and server restarts.
Troubleshooting HestiaCP auto-logout from File Manager or SSH
- Auto-logout in File Manager is related to PHP session expiration (
session.gc_maxlifetime). - SSH auto-logout is unrelated to Hestia but controlled by SSH server settings like
ClientAliveIntervalandClientAliveCountMaxin/etc/ssh/sshd_config. SettingServerAliveIntervalon client side helps keep SSH sessions alive. - If unexpected logouts happen despite long PHP timeouts set, verify:
- Browser cookie policies or extensions aren’t clearing sessions prematurely.
- No reverse proxy or load balancer is timing out or resetting connections.
- Hestia user session settings (
Inactive session timeout) under Control Panel security settings match desired timeout.
Summary
| Setting/Action | Location/How-To | Purpose |
|---|---|---|
PHP session timeout (gc_maxlifetime) | /usr/local/hestia/php/lib/php.ini or PHP-FPM config | Controls length of web UI login session |
| PHP timeout for sites | .user.ini in site root or custom PHP-FPM pool configs | Customize PHP script behavior per site |
| Persistent custom configs | Create custom config files in /home/USER/conf/web/DOMAIN/ | Prevent overwrites during updates |
| SSH session keepalive | /etc/ssh/sshd_config and SSH client config | Prevent SSH auto-logout independently from Hestia |
Adjusting and combining these with service restarts resolves most session timeout and auto-logout issues in HestiaCP