I notice that even as an anonymous user, a shiro session is created (and
inserted into my db in my case) at my first access to a web page. After a
successful login, the session record is simply updated with the appropriate
attributes.
Now i tried 'stress-testing' the main page url with :
curl -s "http://myapp.com?[1-1000]";
And my fear came true as i count the created session is as much as the loop.
So the question here is, is there anyway i can avoid having a session
creation flood by a web crawler or a spammer ?
--
Do not pursue the past. Do not lose yourself in the future.
The past no longer is. The future has not yet come.
Looking deeply at life as it is in the very here and now,
the practitioner dwells in stability and freedom.
(Thich Nhat Hanh)
