shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <>
Subject Re: Shiro session creation flooding.
Date Thu, 18 Jul 2013 16:26:11 GMT
<%@ page session="false" %> ?

This is a JSP/Servlet container thing and not Shiro related.



On Tue, Jul 16, 2013 at 2:45 AM, Albert Kam <>wrote:

> I notice that even as an anonymous user, a shiro session is created (and
> inserted into my db in my case) at my first access to a web page. After a
> successful login, the session record is simply updated with the appropriate
> attributes.
> Now i tried 'stress-testing' the main page url with :
>     curl -s "[1-1000]"
> And my fear came true as i count the created session is as much as the
> loop.
> So the question here is, is there anyway i can avoid having a session
> creation flood by a web crawler or a spammer ?
> --
> Do not pursue the past. Do not lose yourself in the future.
> The past no longer is. The future has not yet come.
> Looking deeply at life as it is in the very here and now,
> the practitioner dwells in stability and freedom.
> (Thich Nhat Hanh)

View raw message