Making Sessions Smarter
Staction is built in PHP. For all it’s occasional syntax weirdness, it is an amazingly flexible and liberating language. PHP does so many things incredibly well, and we’re big fans.
One thing however that it’s not so great at (in our opinion) is session management. The default garbage collector from PHP isn’t perfect, and consistently removes session files that it shouldn’t, almost totally ignoring whatever setting you have for expiration time. It’s frustrating for us, and often causes untimely logouts for our users.
A few weeks ago we started working on a bespoke database driven session system for Staction. The first part came together much easier, and better than we expected. But we still had a problem. After launching the new programming on our dev server we were still getting booted and timed out. Or more to the point, I(Joe) was still getting booted out.
I’m a long time Safari user, and Brian, who was working on the programming, is on the Chrome side of life. Not everyone here was having the problem on Safari, so we started thinking maybe it was just me. After resetting Safari totally, the problem still persisted. Brian, who had also started using Safari as a daily browser for testing, started experiencing the problems, too.
Lots of research, and trial-and-error later we wound up here: http://discussions.apple.com/thread.jspa?messageID=12078357 -10 pages long of people with the exact same problem. Safari occasionally, and arbitrarily sends a new HTTP header without any session information. So after our WTF moment, we started thinking of a workaround.
After a couple other ideas that were non-starters, now once in every 50 calls (approx.) we regenerate the session data, duplicating it into a new session, wiping out the old data and sending the browser a new cookie.
We’re incredibly happy to tell you that since making that change we haven’t been logged out once on our dev server. On Safari, or any other browser.
This morning we pushed out the new session management programming to all Staction accounts. We hope to push it to all the other apps in the next couple weeks.
As we always like to learn from an experience, here are our takeaways:
- Don’t always assume the problem is with what you’re doing. Check external factors too.
- When you start to work on solving a problem, be prepared for the problem to evolve as you learn more about it.
- Make time for solving the little problems with your app. There is nothing glamorous or exciting about improving our session management programming. We can’t say “With sessions that actually keep you logged on!” on our sales site. But we think improving the foundations for these things helps make the app more satisfactory to use. You’ve got to do them, even if it would be more fun to work on email-in on Paprika, or new Jumpchart import/export features.