shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Shiro session creation flooding.
Date Thu, 18 Jul 2013 16:26:11 GMT
<%@ page session="false" %> ?

This is a JSP/Servlet container thing and not Shiro related.

HTH,

Les

On Tue, Jul 16, 2013 at 2:45 AM, Albert Kam <moonblade.wolf@gmail.com>wrote:

> I notice that even as an anonymous user, a shiro session is created (and
> inserted into my db in my case) at my first access to a web page. After a
> successful login, the session record is simply updated with the appropriate
> attributes.
>
> Now i tried 'stress-testing' the main page url with :
>
>     curl -s "http://myapp.com?[1-1000]"
>
> And my fear came true as i count the created session is as much as the
> loop.
>
> So the question here is, is there anyway i can avoid having a session
> creation flood by a web crawler or a spammer ?
>
>
> --
> Do not pursue the past. Do not lose yourself in the future.
> The past no longer is. The future has not yet come.
> Looking deeply at life as it is in the very here and now,
> the practitioner dwells in stability and freedom.
> (Thich Nhat Hanh)
>

Mime
View raw message