G
George
Hi,
I am working on a web site and have a problem with how Session is handled by ASP.NET.
Let's say you have a successful web site and one day google (or yahoo) finds out about it.
So it decided to spider it.
So google's robot just came in and hit every page (within short period of time) on your website.
For simplicity you have 1000 pages on your website and google's robot does not preserve cookies.
So basically Google's bot just created 1000 session objects on your site.
Do you see a problem??
1. Just imagine that you have 10,000 pages
2. Your server's memory will be clogged with dummy sessions.
3. Look how easy to bring your site down. Just have a bot that will hit the same page from fast network.
The solution i see here is not to create Session object until user did something meaningful (Like login, added item to the shopping cart, ...).
So basically i would like the Session object not to be created for me automatically.
I wish i had an option to create Session object after request came in and was processed by my code and it was determined (browser has appropriate cookies set) that this request has a session attached to it.
Is there a way to do that in ASP.NET?
PS: As far as i know Yahoo's boot and Google's bots honor cookies. I am more concerned with how easy to bring server down just buy hitting it thousands of time quickly.
Thanks
George.
I am working on a web site and have a problem with how Session is handled by ASP.NET.
Let's say you have a successful web site and one day google (or yahoo) finds out about it.
So it decided to spider it.
So google's robot just came in and hit every page (within short period of time) on your website.
For simplicity you have 1000 pages on your website and google's robot does not preserve cookies.
So basically Google's bot just created 1000 session objects on your site.
Do you see a problem??
1. Just imagine that you have 10,000 pages
2. Your server's memory will be clogged with dummy sessions.
3. Look how easy to bring your site down. Just have a bot that will hit the same page from fast network.
The solution i see here is not to create Session object until user did something meaningful (Like login, added item to the shopping cart, ...).
So basically i would like the Session object not to be created for me automatically.
I wish i had an option to create Session object after request came in and was processed by my code and it was determined (browser has appropriate cookies set) that this request has a session attached to it.
Is there a way to do that in ASP.NET?
PS: As far as i know Yahoo's boot and Google's bots honor cookies. I am more concerned with how easy to bring server down just buy hitting it thousands of time quickly.
Thanks
George.