It notes the more common bots (google) and assigns them a timeout of 2
seconds.
I'm under the impression that bots (or just the Google bot?) don't do
sessions at all, no?
On Fri, Feb 20, 2009 at 1:44 AM, Michael Dinowitz
mdino...@houseoffusion.com wrote:
I use this in my
They do, but they are usually one shot sessions. Basically, most bots do not
keep state. When it hits one page and gets a session, the next page it hits
is treated as if it was a new visit. In other words, a new session. The
amount of bots that keep state and have a single session were rare but
Bottom line is that if you have session turned on, every visitor will have
a session.
But not until you set a session var, right?
On Fri, Feb 20, 2009 at 6:30 AM, Michael Dinowitz
mdino...@houseoffusion.com wrote:
They do, but they are usually one shot sessions. Basically, most bots do
Bottom line is that if you have session turned on, every visitor will have
a session.
But not until you set a session var, right?
No, the session will exist if you've enabled session management,
regardless of whether you create any session variables yourself.
Dave Watts, CTO, Fig Leaf
No, just running a cfapplication tag or Application.cfc with a session
enabled creates the session (CF has to create the SESSION scope to
store the session ID).
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/
2009/2/20 John M Bliss bliss.j...@gmail.com:
It notes the more common bots (google) and assigns them a timeout of 2
seconds.
I'm under the impression that bots (or just the Google bot?) don't do
sessions at all, no?
Most crawlers do not return cookies, and since session management
generally depends on cookies, each request from the
-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: 20 February 2009 12:48
To: cf-talk
Subject: Re: HTTP_USER_AGENT question
Bottom line is that if you have session turned on, every visitor
will have
a session.
But not until you set a session var, right
I learn something every day. Thanks, ya'll.
On Fri, Feb 20, 2009 at 6:49 AM, Dave Watts dwa...@figleaf.com wrote:
It notes the more common bots (google) and assigns them a timeout of 2
seconds.
I'm under the impression that bots (or just the Google bot?) don't do
sessions at all,
2009 12:48
To: cf-talk
Subject: Re: HTTP_USER_AGENT question
Bottom line is that if you have session turned on, every visitor
will have
a session.
But not until you set a session var, right?
No, the session will exist if you've enabled session management,
regardless
in the
first place.
~Brad
- Original Message -
From: John M Bliss bliss.j...@gmail.com
To: cf-talk cf-talk@houseoffusion.com
Sent: Friday, February 20, 2009 7:20 AM
Subject: Re: HTTP_USER_AGENT question
Interesting. That seems like a more server-memory-friendly approach.
Wonder
- Original Message -
From: John M Bliss bliss.j...@gmail.com
To: cf-talk cf-talk@houseoffusion.com
Sent: Friday, February 20, 2009 7:20 AM
Subject: Re: HTTP_USER_AGENT question
Interesting. That seems like a more server-memory-friendly approach.
Wonder why Adobe CF does not do
I came across an idea of using HTTP_USER_AGENT to identify a bot
... assuming it gets in despite the robots.txt file.
Not a very good idea. HTTP_USER_AGENT will help you identify ONLY good
bots that
actually comply with the robots.txt file anyway.
Any bad bot with some ill intent will be
the session will exist if you've enabled session management,
regardless of whether you create any session variables yourself.
Exact: would it be for the session ID.
~|
Adobe® ColdFusion® 8 software 8 is the most important and
I'm under the impression that bots (or just the Google bot?) don't do
sessions at all, no?
No bot nor browser do session. Your application makes them.
The problem with bots is that they do not keep session ids in cookies,
the your application
is creating a new session for every page, which can
, February 20, 2009 9:51 AM
Subject: Re: HTTP_USER_AGENT question
You've not built many sites with a public-facing, no-sessions-needed
front-end and some admin and/or members-only interfaces that require auth?
That describes 2/3 of the sites I've built
It's trivial to fake this header and many bad bots (i.e. the ones that
ignore robots.txt) will pretend to be IE or another browser.
Claude S has posted his solutions in the past and that should all be
in the archives.
mxAjax / CFAjax docs and other useful articles:
Yeah, as a general rule-- never base security off anything in the cgi
scope. Anything that comes in the request header can be spoofed.
~Brad
Original Message
Subject: Re: HTTP_USER_AGENT question
From: James Holmes james.hol...@gmail.com
Date: Thu, February 19, 2009 11:47 pm
I use this in my application.cfc right at top. It notes the more common bots
(google) and assigns them a timeout of 2 seconds. You can use the same logic
for whatever you want.
IF
(REFindNoCase('Slurp|Google|BecomeBot|msnbot|ZyBorg|RufusBot|EMonitor|java',
cgi.http_user_agent))
18 matches
Mail list logo
