Yes, that is how you should set the session path. Of course, the "/var/www/sessions" folder has to be writable, and when you check it there should be session files created by PHP.
Also, you said that you have changed the session expiration, but I see that you are still using $cookieParams["lifetime"] instead of an actual number of seconds for which the session cookie should be valid (like 86400 if you want the session to be active for 24 hours).
When you have things like this, you should not be logged out randomly for sure.
One other thing that can cause you problems is if you have LOGIN_FINGERPRINT set to true in your ASConfig.php file. When this value is set to true, AS will create a "fingerprint" which consists of your IP address and your browser information and check it whenever you call the ASLogin::isLoggedIn() method. The purpose of this is to prevent people who somehow stole your session cookie from continuing to use the app.
However, if your IP changes frequently, you will often be logged out and your session will be invalidated. So, if that's the issue in your case, then you will need to set this parameter to false so you can use the app properly.
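The session settings discussed in this reply, put together as an added example (not part of the thread and not the library's own ASSession code). The function name startHardenedSession is hypothetical, PHP 7.3+ is assumed, and the directory and the 24-hour lifetime are the values mentioned above.

```php
<?php
// Added example; not the library's ASSession implementation.
// Assumptions: PHP 7.3+, directory and lifetime taken from the reply above.

const SESSION_DIR = '/var/www/sessions'; // must not be reachable over HTTP
const SESSION_LIFETIME = 86400;          // 24 hours, in seconds

// Hypothetical helper: configure storage and cookie, then start the session.
function startHardenedSession(string $dir = SESSION_DIR, int $lifetime = SESSION_LIFETIME): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started, nothing to configure
    }

    // Fail loudly if the directory is unusable, so the problem shows up
    // as an error rather than as sessions that seem to vanish.
    if (!is_dir($dir) || !is_writable($dir)) {
        throw new RuntimeException("Session directory $dir is missing or not writable");
    }
    session_save_path($dir);

    // Server-side lifetime: PHP's garbage collector may delete session
    // files older than this, regardless of the cookie lifetime.
    ini_set('session.gc_maxlifetime', (string) $lifetime);

    // Reject session IDs that the server did not issue.
    ini_set('session.use_strict_mode', '1');

    // Client-side lifetime: an explicit number of seconds, not the
    // current $cookieParams["lifetime"] value (0 by default, which means
    // the cookie lasts only until the browser is closed).
    $current = session_get_cookie_params();
    session_set_cookie_params([
        'lifetime' => $lifetime,
        'path'     => $current['path'],
        'domain'   => $current['domain'],
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,  // keep the cookie away from JavaScript
        'samesite' => 'Lax',
    ]);

    session_start();
}
```

Both lifetimes have to agree: a 24-hour cookie does not help if the session file is removed on the server after a few minutes.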
So this is the code now in the ASSession.php
public static function startSession()
$cookieParams = session_get_cookie_params();
It still seems to be randomly logging me out if I'm inactive for a bit. After it logs me out and I try to log back in, I get "Invalid CSRF token.". I am then required to refresh the login page before I can log back in. The invalid CSRF token part makes sense to me but I'm not quite sure why I'm being logged out so quickly.
Nope, that is not related to the path where session files are being saved.
Would I need to change "$cookieParams["path"]"?
If you set the expiration time as explained inside the docs, the sessions should not expire after 5-10 mins for sure.
The only reason why this might happen is if your server is deleting session files automatically because, by default, they are located inside the /tmp folder and some servers are configured to automatically delete files from this folder after some period of time.
I would recommend you to change the path where sessions are being saved and use some other path that is not accessible via HTTP. You can change the path where session files are saved by adding the following line of code just before the session_start(); line inside the ASSession::startSession method:
I've noticed my sessions are expiring after around 5-10 minutes of inactivity. I have followed the documentation and changed it to 24 hours (in seconds) in both the ASConfig and my php.ini.