Re: [Phplib-users] robots and session-id's
From: Joe S. <jo...@be...> - 2002-03-08 16:54:52
On Fri, Mar 08, 2002 at 05:46:50PM +0100, Sascha Weise wrote:
>
> >I thought session IDs timed out, so even if your site was indexed with
> >session IDs they would/should not be valid when a search user comes back
> >to the site and your software should generate a new ID.
>
> IMHO there's no validity-check of the id's.
> I may be completely wrong, but that was my conclusion after I tested to
> request urls with SESSIDs which I had deleted before from the
> active_sessions-table or with "unvalid" SESSIDs like "...=01".
> As a result I found these ids afterwards in the active_sessions-table again.
> There was definitely NO NEW ID created if there was ANY sessionid found.
>
> If that was a stupid test, please let me know.
>

This is known. And another reason not to use get fallback on ecommerce
sites. Also phplib's garbage collection of stale sessions doesn't delete
old sessions all the time. Mr. Chaney has proof again:

http://marc.theaimsgroup.com/?t=95599153200002&r=1&w=2

He suggested a REFERER check to see if it was an internal link.

http://marc.theaimsgroup.com/?l=phplib&m=96732284720675&w=2

He has now written his own auth library I believe and doesn't use
phplib session and auth.

Joe

>
> Sascha.
>
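
The checks discussed in this thread, as an added example that is not part of the original message and is not PHPLIB code: a presented id is honoured only if it is already in the server-side store and unexpired, and an id arriving via GET fallback additionally needs an internal Referer. The function names, the array standing in for active_sessions, and the host shop.example are assumptions.

```php
<?php
// Added example: names and store layout are hypothetical, not PHPLIB's API.

function new_session_id(): string
{
    return bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
}
// True when the Referer header names our own host, i.e. an internal link.
function is_internal_referer(?string $referer, string $ownHost): bool
{
    $host = parse_url((string) $referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $ownHost) === 0;
}

// $store maps session id => expiry time (stand-in for active_sessions).
// $fromUrl is true when the id came from the query string (GET fallback).
function resolve_session_id(array &$store, ?string $presented, bool $fromUrl,
                            ?string $referer, string $ownHost, int $now): string
{
    $wellFormed = is_string($presented)
        && preg_match('/\A[0-9a-f]{32}\z/', $presented) === 1;
    if ($wellFormed && isset($store[$presented])) {
        if ($store[$presented] <= $now) {
            unset($store[$presented]);           // stale: collect it now
        } elseif (!$fromUrl || is_internal_referer($referer, $ownHost)) {
            return $presented;                   // known, live, trusted path
        }
    }
    // Deleted, expired, malformed or externally linked id: never adopt it.
    $id = new_session_id();
    $store[$id] = $now + 1440;                   // arbitrary lifetime
    return $id;
}

// Constructed sample requests against a constructed store.
$now   = 1015606492;
$live  = str_repeat('ab', 16);
$store = [$live => $now + 600, str_repeat('cd', 16) => $now - 60];
$cases = [
    'cookie, live id'         => [$live, false, null],
    'URL, internal link'      => [$live, true, 'http://shop.example/cart.php'],
    'URL, search-engine link' => [$live, true, 'http://search.example/?q=shop'],
    'URL, expired id'         => [str_repeat('cd', 16), true, 'http://shop.example/'],
    'URL, made-up id "01"'    => ['01', true, 'http://shop.example/'],
];
foreach ($cases as $label => [$sid, $fromUrl, $referer]) {
    $got = resolve_session_id($store, $sid, $fromUrl, $referer, 'shop.example', $now);
    printf("%-26s %s\n", $label, $got === $sid ? 'kept' : 'replaced');
}
```

The Referer header is client-supplied and often absent, so that check narrows the indexed-URL case rather than replacing the store lookup.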