You can define the following configuration options in your
Maximum duration of a normal session in seconds; if that time is over and the session has not been renewed, the session becomes invalid and is deleted from the server.
Renewing happens automatically in the background. You can read more about this in the guide.
If you tick the "keep me logged in" checkbox in the Panel, you get a "long" session, which has a longer duration and no activity timeout, so you can close the browser window and come back at any time within the configured duration.
The duration options above define the absolute session expiry. Like in Kirby 2, there is also an additional activity timeout: If the session wasn't seen for this time, the session also becomes invalid.
If you leave a Panel window open, the session never expires, even without clicking on anything.
The name of the session cookie
Expired sessions are automatically cleaned up from the
/site/sessions directory. To increase performance, this only happens every few requests.
You can also disable this process completely by setting the option to
false and then manually calling the garbage collector from a Cronjob.