session timeout not working after roundcube 1.5.5 upgrade.

jitendra1980 · March 28, 2024, 08:44:42 AM

Dear Team,

We are using Iredmail 1.4.2.We have recently upgraded the roundcube 1.5.5 due to vulnerability issues but now session timeout is not working. It's already there in config.inc.php.

// Session lifetime in minutes
$config['session_lifetime'] = 20;

JohnDoh · March 29, 2024, 10:52:02 AM

Please explain what "is not working" means if you want a meaningful response.

jitendra1980 · February 20, 2026, 12:22:51 AM

Dear Team,

We have observed that the Roundcube webmail session is not disconnecting automatically. As per the configuration, the session should expire after 10 minutes of inactivity. However, even if the user does not log out manually, the session remains active for 24–48 hours.

Kindly check and provide the solution.

jitendra1980 · February 20, 2026, 12:23:51 AM

Current version is 1.60.10

JohnDoh · February 20, 2026, 03:56:07 PM

can you enable `$config['session_debug'] = false;` and provide the relevant, anonymised logs?

jitendra1980 · February 21, 2026, 03:19:17 AM

`$config['session_debug'] = false;` this setting is already available defaults.inc.php

which log you required can you confirm the log location

SKaero · February 22, 2026, 01:49:02 AM

Change the session_debug setting to true to enable the log and then post the resulting log file.

jitendra1980 · **Today** at 12:50:06 AM

Feb 23 11:04:28 srv3 roundcube[209349]: <9m2ku5sf> Session destroy: 9m2ku5sfeegii2umfdmagrsk1t
Feb 23 11:04:28 srv3 roundcube[209402]: <9vdk1rkc> Session destroy: 9vdk1rkcllu79jf5b87sfcue2a
Feb 23 11:04:31 srv3 roundcube[209349]: <9m2ku5sf> Session destroy: 9m2ku5sfeegii2umfdmagrsk1t
Feb 23 11:04:32 srv3 roundcube[209402]: <4h5t2qkh> Session regenerate: 9vdk1rkcllu79jf5b87sfcue2a -> 4h5t2qkhs9e1pn0d5asoe62bqb
Feb 23 11:04:36 srv3 roundcube[208944]: <9m2ku5sf> Session destroy: 9m2ku5sfeegii2umfdmagrsk1t
Feb 23 11:04:37 srv3 roundcube[207487]: <q0rn1ilr> Session destroy: q0rn1ilrau1m23qp0pgvdt304f
Feb 23 11:04:37 srv3 roundcube[207487]: <3nlsks9p> Session regenerate: q0rn1ilrau1m23qp0pgvdt304f -> 3nlsks9phouefjvi2sijfkv2rl
Feb 23 11:04:40 srv3 roundcube[208944]: <gdpfi7ja> Session regenerate: 9m2ku5sfeegii2umfdmagrsk1t -> gdpfi7jaugp6imh2n0h72r99kc
Feb 23 11:04:43 srv3 roundcube[207487]: <4h5t2qkh> Session destroy: 4h5t2qkhs9e1pn0d5asoe62bqb
Feb 23 11:04:49 srv3 roundcube[207487]: <nd1epj4j> Session destroy: nd1epj4jmqonh47ek4he6vb2b3
Feb 23 11:04:49 srv3 roundcube[207487]: <qk243etb> Session regenerate: nd1epj4jmqonh47ek4he6vb2b3 -> qk243etbn2g792b66befehmlgt
Feb 23 11:05:00 srv3 roundcube[208944]: <kqb4itme> Session auth check failed for kqb4itme0jpj3bh1hne7a03hca; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:00 srv3 roundcube[209316]: <bcjqj33g> Session auth check failed for bcjqj33gdi6de2791kj8ll3hjc; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:00 srv3 roundcube[209349]: <v2bspiqv> Session auth check failed for v2bspiqvtv6je037beq1e5i32i; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:00 srv3 roundcube[209624]: <3u9vsqgj> Session auth check failed for 3u9vsqgj6kobelodee7u2bfrnc; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:00 srv3 roundcube[207844]: <qtaa9552> Session auth check failed for qtaa9552d54lk5mo2a76mivdva; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:00 srv3 roundcube[209816]: <k1q4878f> Session auth check failed for k1q4878f3amoelstah521et79o; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:00 srv3 roundcube[207847]: <af56ujau> Session auth check failed for af56ujau19bjcedtfb3vsij3hs; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:02 srv3 roundcube[209816]: <gdpfi7ja> Session auth check failed for gdpfi7jaugp6imh2n0h72r99kc; timeslot = 2026-02-23 05:35:00
Feb 23 11:05:02 srv3 roundcube[209402]: <4h5t2qkh> Session destroy: 4h5t2qkhs9e1pn0d5asoe62bqb