drew-hoffman
commented
9 years ago The db load generated by robots should be very small. I don't see this as a useful feature.
Closed igorshubin closed 9 years ago
drew-hoffman
commented
9 years ago The db load generated by robots should be very small. I don't see this as a useful feature.
igorshubin
commented
9 years ago Yes, maybe (or may be not), but still this could keep sessions table clean and keep needed queries faster. From the other hand It seems like this is not hard thing to implement.
Thanks for comment.
hellofarhan
commented
9 years ago Yes. this is good feature because everyday session table is filling by these kind of robots. It looks like not small. And also if you use varnish cache there is another problem same like this. I made small hack to fix varnish cache problem.
igorshubin
commented
9 years ago Yes, concerning sessions table and cache there is another buggy thing, which is outside current request, but still can be very annoying. When db cache_on IS enabled - sessions query also use cache, so it is impossible to have fresh user status, for example. I suppose we need some onetime "cache off" before sessions db query, this will prevent from getting old session data into logic. Something like described here: http://stackoverflow.com/questions/4424565/codeigniter-how-to-avoid-database-caching-for-sessions/29076372#29076372
ivantcholakov
commented
9 years ago -1
If something goes wrong with session management in the exceptional case, only the bot will "see" the error, not the developer.
If a robot somehow found a link and tried to index a non-public page, it should be redirected to a login page. For this to happen, the session library (on which authentication usually relies) should work.
narfbg
commented
9 years ago This would be wrong in at least three different ways, but most notably - it assumes that you always have a session, which is a bad thing to do in the first place. You shouldn't create a session for a user that isn't logged in.
Connections with 'cache_on' are now forbidden: 737a5660c09e844d44969d1b7e8165b5f0296e37
andrefrcastro
commented
9 years ago Even with garbage collection, we have quite a big session table, about 200,000 records. It's true that bots and other agents create some garbage on the table. Don't know for sure what % in our case.
Im not referring to the login or caching issue, i think that's another topic, im just referring to have bot requests that are creating records on the session table, just by pinging the URL. I think this happens if you auto load the session library.
I think it depends on the usage you make of sessions, sometimes sessions are not used just for login/authentication, which is our case. We indeed use session on every request because our app requires to.
I dont think bots are really a problem, but just wanted to add my 2 cents.
Thу idea of this feature is to decrease database load by avoiding db queries in session class for Bots. This can be implemented in config like: $config['sess_no_robots'] = true; And then in session logic if we have "is_robot()" case we just wouldn't create db queries.
Thanks!