[Seaside-dev] Issue 96 in seaside: some fancier methods built in for how sessions expire

[codesite-noreply at google.com]

Issue 96: some fancier methods built in for how sessions expire
http://code.google.com/p/seaside/issues/detail?id=96

Comment #2 by ramon.leon:
A good example would be running an adwords campaign on a PPC site, some 
the tools people use for
managing their campaigns are stupid and spider the hell out of 
thousands of urls on your site to reasons I'm
not fully aware of but I'm guessing to get the content and auto suggest 
keywords and such.

These things tend to hit your server once, maybe twice if they follow a 
redirect after a cookie, and that's it,
that session will never be used again.  A user however, tends to hit 
the site more than twice, so maybe make
them earn their session time out a bit.  Maybe there's a lower bound 
like 2 minutes for the first couple of hits
but once they hit more than 3 times the timeout starts climbing up to 
the upperbound.

I could think of a better solution if JavaScript were allowed, bots 
don't tend to run it JavaScript, so a single
initial JavaScript xmlhttp request could be kicked out at the beginning 
of a new session and that callback
being activated could validate this is likely a real user in a browser 
and immediately kick the session timeout
to the upperbound, otherwise the session could timeout very fast, say 1 minute.

I think the latter solution would work better, but I don't know how 
general it'd be, but it'd be a nice option to
have and bots wouldn't be such a problem.  I've had rouge bots knock 
down my site several times.  It resets
itself automatically of course, but that kills all the current users 
sessions, some of which might have been in
the middle of trying to give me their money!



-- 
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings