Eliminating Session Timeouts

This weekend, my mother told me about the trouble she had booking train tickets from Washington, DC to New York using Amtrak's online reservation system. She had to make the reservation three times because the first two times she took too long and the website timed out. As I listened to my mother's story, I felt proud because I knew she wouldn't have had the same problem if Spider Strategies wrote Amtrak's reservation system.

The problem my mother experienced is a common one for web applications. Most web applications operate using the notion of a session which is used to store information about the user that is logged on and the activities he or she is performing in the application. The trouble is that the session is periodically erased to save memory on the server. When the session is erased, the user's work is lost. In my mother's case, her reservation was erased.

In CMS, we avoid this problem by using dojo to fire off a request in the background every few minutes. These requests prevent a user's session from expiring as long as that user keeps his or her browser open. If the user closes his or her browser, the session will still be cleaned up so that the server doesn't fill up with old, unused sessions.

In addition to benefiting the usability of the application, this technique can also decrease the amount of memory devoted to sessions on the server. Typically a web application will have a session timeout of 30 to 60 minutes. With this technique the timeout can be decreased to a smaller number (e.g. every 5 minutes) as long as background request are fired faster than sessions are expired (e.g. every 2 minutes). Faster session timeouts means sessions are in memory for less time means less total memory will be needed for sessions.

If you're a software developer, I hope you find this technique useful and apply it to your application. If you're a user of CMS, you can rest easy knowing this technique is already in place so that you don't need to worry about losing your work.