Latest enhancement

On 25 Jun 2019, CultBooking developers have launhed a new enhancement: ‘when user and web session expired after inactivity time, there is a modern refresh function inviting the user to refresh the application.’ Here is how end result looks like

How did we arrive to this point? and why it this an improvement?

Begining

In the past, when user session expired, the following error message was shown: ‘ Error File: /www/htdocs/CPC/dbOperations/hotelData/Hotel.php on line: 23 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ” at line 1’ , for desktop and mobile:

The above error message, does not say much and has no meaning for the end user. He does not know what is line 23, or what it means that there is a SQL syntax error. Also sends us to check the manual corresponding to Maria DataBase, and indicated to check the right syntax.

Asking our developers, to translate what this means, they indicated that the error message on CultBooking is refering to user/web session expired. I learned ‘it is a matter of security and preservation of identity’. Let us therefore learn more about this:

What is a session?

‘ A session identifies both parties of a transaction and establishes trust. When you log into a website like your email account or even connect to a database system like Oracle, it identifies you, creates a session. This is the way it knows it’s you that is asking for your emails, for instance, and not some unknown third party.

This is done by leaving some token or cookie (or any form of identification) in your machine.’

But why does it expire?

Maybe would have been easier to just keep this identification, making things easier.

‘This identification has to be transmitted on every request. Every time you ask for and receive data from the service, which in turn, exposes your identification token to be stolen.’

Also in our world of online bookings. You as property owner, make changes in availability and prices quite often as you have walks-in, new bookings from the online booking portals or just a change happened and new data has been inserted in the hotel software and channel manager. Therefore, the old data is not actual anymore.

‘ One of the many ways to deal with that is to expire sessions after some inactivity. The reasoning is simple; expiring sessions prevent someone that might have hijacked your cookie to use it latter against you.

Expiring sessions is far from being the ultimate solution, but it does provide some help in keeping the web safe.’

HTTPS is also fundamental, in order to encrypt your data on transmission. This function is already there and this article says more about it.

So how we dealt with this error messages showing after session expired? At the begining we just replaced the text with another text that is easier to understand by the end user. Here is the text and how it looked like:

‘ User session has expired. Please refresh the page to start again.’

Quite rudimental, but a small improvement compared to the encrypted text, using development language.

One of our distribution managers, made a suggestion on how to improve this aspect. She was that Trivago sessions also expire, but in a more smooth and elegant way.

CultBooking process was followed:

a) Designer looked at the requirement and example of improvement. CultBooking team and designer elected background image. Text has been produced in english and german.

b) Developer transformed the design into reality and implemented the solution to make it technically functional.

We are happy to have such a talented and committed team.

Support & Help

For questions and help, you can reach us via the contact form or directly by email: info@cultbooking.com

Sources

https://www.quora.com/Why-do-web-sessions-expire