changed the algorithm for how sessions work:

- if the IP is banned or there is no winix function then we set a temporary session
- else
  if there is a session's cookie sent by the client then:
   - if the cookie is a correct session's cookie then we set the session from the cookie
   - or if the cookie is not a correct session's cookie (e.g. session expired) and the winix function
     requires a cookie then we set a new session
   - or if there is no cookie sent then if a winix function requires a session we create a new session

  if there was an error creating a new session or event counters reach a ban limit then a temporary session will be used

git-svn-id: svn://ttmath.org/publicrep/winix/trunk@1115 e52654a7-88a9-db11-a3e9-0013d4bc506e
2018-06-20 15:00:02 +00:00
parent 35b93b1655
commit 08123fe6ac
9 changed files with 78 additions and 40 deletions


@@ -263,7 +263,7 @@ public:
// default: 128 (value in the range <0 - 65535>)
size_t session_hijacking_treshold;
// after how many times a client will be banned if it did not send a session cookie
// after how many times a client will be banned (or given temporary session) if it did not send a session cookie
// this can be a bot such as a Google Bot or just people connecting from a NAT and all have the same IP
// default: 128 (value in the range <0 - 65535>)
size_t no_session_cookie_treshold;
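
Review bot: The reworded comment above `no_session_cookie_treshold` says a client "will be banned (or given temporary session)" but does not say which of the two outcomes applies or what decides it. The commit message states that a temporary session is used when event counters reach a ban limit, so the comment should say that directly and say whether a real ban can still result from this counter. It would also help to document what a value of 0 means, since the stated range `<0 - 65535>` includes it, and why the range is limited to 65535 when the field is declared `size_t`. Because this threshold now affects how clients behind a shared NAT address or crawlers are treated, an operator reading the config needs that detail to choose a safe value.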