CakePHP and the Session.timeout SNAFU

As I’ve mentioned before, my CMS, cms34, is built on the CakePHP framework. I love CakePHP, but it’s not perfect.

A client contacted me last week, reporting that customers using her website — specifically, a complex form that might take 30 or more minutes to complete — were having their sessions time out during that process. Now, yes, you may point out (and you would be right) that this is an excellent scenario for using AJAX to save a draft of the users’ form data, or at least ping their session to keep it alive. And you would be correct. But there are two reasons I did not take this path in response to the problem: 1) I’m trying to remember to follow the web standards principle that JavaScript should be used only to enhance functionality, but the site should still work even with it turned off (though in practice I often forget to honor this principle), and 2) the site is in its peak of activity this week, and it would be daft to implement a major functionality change in the form right now — not enough time for adequate testing.

So, the task at hand was simply to increase the session timeout period, so users could stay on the form for a longer time without losing their sessions.

Seems easy enough. The CakePHP config.php file has some settings that play directly into this: Session.timeout and Security.level.

Session.timeout is an integer representing the number of seconds in the session. Well, not exactly. It’s a multiplier value, and the actual session timeout duration is determined by multiplying Session.timeout by the value associated with Security.level, which itself has three possible values: high, medium and low, corresponding respectively to ×10, ×100 and ×300.

I already had Security.level set to low and Session.timeout set to 1800, so really, the sessions should have stayed alive for over six days of inactivity. And yet, sessions were timing out after about 20 minutes. What gives?

What gives is another value in the config.php file:

CakePHP offers a number of ways to store session data, but the default value is php, which means it uses the built-in session functionality in PHP. The problem is, PHP has its own session timeout setting (in the php.ini file), and frankly my dear, PHP doesn’t give a damn what CakePHP’s session timeout setting is. And so, with left at its default php value, my sessions were timing out after 20 minutes (the PHP default) no matter what I changed in config.php.

So, an experiment: I decided to change to cake, which tells it to use CakePHP’s own session cache, located inside your CakePHP application under app/tmp/sessions. (Be sure that path is fully writable by Apache!)

Success! I left a browser window open on my test site overnight, and the session was still active the next morning. But along the way in my troubleshooting, I had changed my Session.timeout value to 14400, which when combined with the Security.level setting of low (that is, when multiplied by 300), had my sessions enduring for a ridiculously long 50 days! Some quick work with a calculator (although, in retrospect, I ought to have been able to divide 14400 by 50 in my head) told me to set Session.timeout to 288 if I wanted my sessions to last for 24 hours.
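The arithmetic above, as an added example that is not part of the original post or of CakePHP itself: it computes the lifetime the config asks for, the lifetime that applies once PHP's own limit is taken into account, and the Session.timeout needed for a target duration. Treating `session.gc_maxlifetime` as the php.ini setting in question, the `$storage` parameter name and the 24-hour `$maxPolicy` ceiling are assumptions.

```php
<?php
// Added example, not CakePHP code. Multipliers are the ones given in the post.
const LEVEL_MULTIPLIER = ['high' => 10, 'medium' => 100, 'low' => 300];

// Lifetime CakePHP intends, in seconds: Session.timeout x level multiplier.
function cakeLifetime(int $timeout, string $level): int
{
    if (!isset(LEVEL_MULTIPLIER[$level])) {
        throw new InvalidArgumentException("Unknown Security.level: $level");
    }
    return $timeout * LEVEL_MULTIPLIER[$level];
}

// Lifetime that applies in practice. $storage is the session storage value
// ('php' or 'cake'); per the post, PHP's own limit wins when it is 'php'.
function effectiveLifetime(int $timeout, string $level, string $storage, int $phpLimit): int
{
    $intended = cakeLifetime($timeout, $level);
    return $storage === 'php' ? min($intended, $phpLimit) : $intended;
}

// Smallest Session.timeout that yields at least $targetSeconds at $level.
function timeoutFor(int $targetSeconds, string $level): int
{
    cakeLifetime(0, $level); // validates $level
    return (int) ceil($targetSeconds / LEVEL_MULTIPLIER[$level]);
}

// Assumption: session.gc_maxlifetime is the php.ini limit the post means.
$phpLimit = (int) ini_get('session.gc_maxlifetime');
$maxPolicy = 86400; // hypothetical policy ceiling: 24 hours

// The three configurations the post walks through.
$cases = [[1800, 'low', 'php'], [14400, 'low', 'cake'], [288, 'low', 'cake']];
foreach ($cases as [$timeout, $level, $storage]) {
    $intended  = cakeLifetime($timeout, $level);
    $effective = effectiveLifetime($timeout, $level, $storage, $phpLimit);
    $note = '';
    if ($effective < $intended) {
        $note = ' <- capped by PHP, config value has no effect';
    } elseif ($effective > $maxPolicy) {
        $note = ' <- exceeds policy ceiling';
    }
    printf("timeout=%d level=%s storage=%s intended=%ds effective=%ds%s\n",
        $timeout, $level, $storage, $intended, $effective, $note);
}
printf("Session.timeout for 24h at low: %d\n", timeoutFor(86400, 'low'));
```

Run it with the same php.ini the web server uses, since the CLI often loads a different one and would report a different limit.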

Get Simpsonized!

Yeah, I’m a tool. But Burger King’s viral marketing tactics are actually pretty amusing. (Even the XBOX games.)

So, as a brilliant tie-in with the new movie, BK offers you the chance to “Simpsonize” yourself! So far I haven’t been able to get all the way through it without an error. Maybe it doesn’t even work. But it’s mildly amusing along the way.

Call it “Rush for Neophytes”

If you’ve been following my recent blog entries (or if you just care to scroll down the list of articles right now!), you’ll know I’ve been going through a bit of a “Rush Renaissance” lately.

I first got into these guys back in high school (of course), almost 18 years ago. My interest in them waned after I moved on to more obscure progressive rock bands, but by the early part of this decade, after I had bored of most prog rock, I actually found myself drawn back to Rush, and I’ve listened to them more than any of the other bands in this nebulous genre over the past five years. But something clicked a month or so ago, and I’ve rekindled an obsession with the band that may in fact be even stronger than it was at its peak when I was a scrawny teenager with a learner’s permit.

On Sunday, much to my surprise, I actually heard “New World Man” on KQRS. While it’s certainly not that unusual for Rush to be on the radio, I don’t believe I’d ever heard this particular track on the airwaves.

Inspired by this radio surprise, I started to think about what might go onto a CD of the band that I could use to introduce new people to their music. Personally, my first exposure was listening to the live A Show of Hands album in its entirety. Even though most prog maniacs generally consider the band’s 1977 to 1981 period (from A Farewell to Kings through Moving Pictures) to be its best, I think the end of that period, overlapping into the next, say, from 1980’s Permanent Waves through 1985’s Power Windows, is best for an introduction. The early ’80s songs are a bit more accessible to an unindoctrinated ear than what preceded, yet they are of higher quality than the weaker material of the late ’80s and early ’90s.

With that in mind, I’ve prepared a track list for a 79-minute CD spanning from 1980 through 1985 (with a nod to the earlier era at the end), that I think would serve as a near-ideal introduction to the band for a new listener. Here we go:

  1. The Spirit of Radio (Permanent Waves, 1980)
  2. Limelight (Moving Pictures, 1981)
  3. Subdivisions (Signals, 1982)
  4. Tom Sawyer (Moving Pictures, 1981)
  5. Distant Early Warning (Grace Under Pressure, 1984)
  6. Marathon (Power Windows, 1985)
  7. New World Man (Signals, 1982)
  8. YYZ (Moving Pictures, 1981)
  9. Freewill (Permanent Waves, 1980)
  10. Natural Science (Permanent Waves, 1980)
  11. The Enemy Within (Part I of ‘Fear’) (Grace Under Pressure, 1984)
  12. The Weapon (Part II of ‘Fear’) (Signals, 1982)
  13. Witch Hunt (Part III of ‘Fear’) (Moving Pictures, 1981)
  14. La Villa Strangiato (Hemispheres, 1978)

We start off with some of the band’s most accessible (and, once upon a time, popular) tracks. I’ve heard all of the first four tracks with some regularity on classic rock radio. Next we move into a few of the great but probably less familiar mid-’80s tracks. After a couple more “fan favorites,” I move into longer pieces that hint at what a new listener will discover if they go back into the extended late ’70s tracks, including the “Fear” trilogy that is rarely heard together in sequence.

OK, Rush fan(s). Let’s hear what you think!