
[Contribution] Googlebot/Spider session id killer


Ian


Ian,

hope you could assist me, I am having SSL issues. Going from non-SSL to SSL I seem to be losing my connections. I am able to log on and it will take me to the secure welcome page; when I view my product it shows me the non-SSL pages and I have my log on box appear again, and when I shop and check out I have to log on again...

 

any ideas how to fix this.

Link to comment
Share on other sites

  • 1 month later...

OK.. I'll just take my chances... I need my site to be bilingual.. And the SID killer - the way it is now - is just messing with this function too much.

 

Nowhere did I find how to address this problem... EN language just takes over all the time, even if it's not default!

 

But anyway, seems like this is fading away as nothing serious has been made since a year or so... **good grief**

 

I'll buy Burt's eBook - he better have a way to address this little secret for him being such a SID Killer promoter...

It ain't easy being me either

Link to comment
Share on other sites

I'm getting sessions of various lengths created from the following server:

cache-loh-ab01.proxy.aol.com

What's unusual is it mostly just repeatedly accesses the login page. At first I thought it was a customer who couldn't remember password, etc. But after adding some code to log this, nothing turned up.

 

Does anyone there know anything about this? Is it a spider, etc?

 

Thanks,

Brian.

Link to comment
Share on other sites

  • 1 month later...

I'm trying to install SID Killer v1.2 (Feb 20th 2003) on an OSC 2.2ms2. The instructions said:

 

 

.
.
.
Now you need to edit /includes/functions/html_output.php

.
.
.
and finally 

find the lines

   if (isset($sid)) {
     $link .= $separator . $sid;
   }
and change to

   if (isset($sid) && ( !$kill_sid ) ) {
     $link .= $separator . $sid;
   }

and that's it.

 

 

I don't find these lines:

   if (isset($sid)) {
     $link .= $separator . $sid;
   }

 

 

Any suggestion?

Link to comment
Share on other sites

I have read through the 19 pages, so I'm getting a basic understanding. Before I install, I was wondering if the SSL and non-SSL issues have been resolved?

 

I am on a shared secure server so my domain looks like this:

http://www.mydomain.com

 

But when secure it looks like this:

https://srv01.datona-1.com/mydomain.com

 

thanks

tammy

Link to comment
Share on other sites

Now you need to edit /includes/functions/html_output.php

.
.
.

and finally

find the lines

  if (isset($sid)) {
    $link .= $separator . $sid;
  }

and change to

  if (isset($sid) && ( !$kill_sid ) ) {
    $link .= $separator . $sid;
  }

and that's it.

I found that $sid should be $_sid:

find the lines

  if (isset($_sid)) {
    $link .= $separator . $_sid;
  }

and change to

  if (isset($_sid) && ( !$kill_sid ) ) {
    $link .= $separator . $_sid;
  }

and that's it.

 

Hope this helps.

 

CharleyShipman

Link to comment
Share on other sites

  • 1 month later...

Hi,

 

I have a very serious problem with this SID Killer contrib. When I tried to register as a new customer and clicked the button to continue, the create account page just refreshes and does not move to the next page to complete the registration.

 

Did anyone experience this ?? I would very much appreciate if someone can share your experience. Thank you. :o

 

PS. I have added this SID Killer & form button contrib and did according to the readme file....

Link to comment
Share on other sites

How do I find out what version I have, because I have the "prevent spider sessions" option.....YET several Spiders (FROM MY SPIDERS LIST) are indexing my site with Session IDs... !

 

tammy

 

PS and now one from "microsoft" is spidering my site with SIDs

Link to comment
Share on other sites

Well, msnbot is missing from the spiders list. I also found some spiders changed their identifier string in a way that the spiders.txt list missed them. Feel free to edit the list. I did this and have no problems with spiders.

Link to comment
Share on other sites

I have the newer version and have the "Kill Spider Sessions" option in the admin panel. The whole site is still getting sids in all the links. I ran it through http://www.searchengineworld.com/ and everything came up with them. I saw a post about a spiders file.

 

Am I supposed to have this file somewhere or am I supposed to create one? I have a robots.txt file, but nothing else.

 

Can someone please direct me in the right direction regarding this?

 

Thanks so much.

Link to comment
Share on other sites

  • 4 months later...

OSC 2.2 MS2

 

I have "Prevent Spider Sessions" = TRUE, however the spider simulator @ searchengineworld shows session id's.

 

I also get random sid's appearing in URL's. User could be at one page and there is no sid, then click next link and sid appears. The sids appear at random, but I have noticed an increase in the appearances.

 

I tried to install Ian's sid killer mod; I had some unfortunate side effects. Here are the ones I noticed at least, there may be more problems that I didn't notice:

 

- I don't have $sid referred to in Ian's mod: I have $_sid.

 

- User can't access their account page on login, they just get kicked back to index with no login. Every time they request login, they get kicked.

 

- On the 'who's online' portion of ADMIN, after applying the mod, every page requested by the user appears on there - It generates hundreds of links showing pages they are on, or where they were last <-- This was freaky!

 

The only way it seems to work if someone adds to cart and immediately creates an account and checks out. If they add to cart, then browse the site, they have to login again.

 

It was the hundreds of pages appearing in 'who's online' that got me worried though.

 

1. What am I doing wrong regarding Ian's mod, re: 'who's online' and inability to login to certain pages, like their account and previous orders?

 

2. Why do SID's appear randomly without the mod? This is the worst...

 

Any assistance or direction would be appreciated, thanks. The mod appeared to work OK, as far as killing session id's.

Link to comment
Share on other sites

  • 2 months later...

Hi,

 

I'm assuming this thread is for this contribution:

 

SID Killer

 

We are running a snapshot somewhere between MS-1 and MS-2, it's impossible to find out exactly what snapshot though, ..anyway ....

 

The SID killer is not working, we are finding Yahoo and MSN lately are getting the SID like this:

 

66.196.91.36 - - [28/Nov/2004:07:05:33 -0600] "GET /www.example.com/default.php?cPath=11&osCsid=52616f1ee00d88b675df80811bf6a3a6 HTTP/1.0" 200 28936 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"

 

We are using this version "20 Feb 2003 - SID Killer v1.2", and I have checked the installation mods, and they have been done correctly.

 

To my simple thinking, because the line of code that adds the session id is in /includes/functions/html_output.php

 

if (isset($sid) && ( !$kill_sid ) ) {
     $link .= $separator . $sid;
   }

 

so it relies on the var $kill_sid to be off (false) , to add the session id. Ok, so where does $kill_sid get turned off ? in /includes/application_top.php, this code:

 

//================================================================
if ( ($HTTP_GET_VARS['currency']) ) {
  tep_session_register('kill_sid');
  $kill_sid=false;
 }
if (basename($_SERVER['HTTP_REFERER']) == 'allprods.php' ) $kill_sid = true;
if ( ( !tep_session_is_registered('customer_id') ) && ( $cart->count_contents()==0 ) && (!tep_session_is_registered('kill_sid') ) ) $kill_sid = true;
if ((basename($PHP_SELF) == FILENAME_LOGIN) && ($HTTP_GET_VARS['action'] == 'process') ) $kill_sid = false;
if (basename($PHP_SELF) == FILENAME_CREATE_ACCOUNT_PROCESS) $kill_sid = false;
// Uncomment line below to disable SID Killer
// $kill_sid = false; 
//================================================================

 

so, basically, it actually only gets turned ON ("kill") for allprods.php, and if the web visitor is not logged on. (Yes, 2 other evaluations in that IF clause, but if the first one isn't true, then it's not going to go any further in evaluating true/false.).

 

Also looking at this line of code .......

 

global $kill_sid, $HTTP_GET_VARS;

 

I'm wondering if register_globals is set to true, for this site.

 

Any clues ??

 

Peter

 

PS I'd rather use MS-2, and just use the 'spiders.txt', but that's another story. :)

Link to comment
Share on other sites

Hi,

 

Well, register_globals are set to 'On'

 

What is strange is that looking at the logs for one day, and extracting all the 'Yahoo' entries, sometimes the sid is turned on, other times it is not, no consistency with filenames, for example product_info.php, sometimes the osCsid is set, other times it is not ?

 

As this is causing my client some grief, I'm wondering if we should uninstall the contribution, and install this one:

 

Spider Killer for MS1

 

Peter

Link to comment
Share on other sites
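
The log check described in the posts above (pulling the crawler entries from an access log and seeing which requests carry osCsid), written out as an added example; it is not code from the thread or from the SID Killer contribution. The spider fragments, function names and all sample lines except the first (the request quoted in the thread) are constructed for illustration, and the `spiders` argument shows how a list that lacks an entry such as msnbot lets that crawler go unnoticed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Lowercase user-agent fragments in the style of a spiders.txt list (constructed here).
SPIDERS = ("googlebot", "slurp", "msnbot")

# Apache combined log format, as in the log line quoted in the thread.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

def spider_name(agent, spiders=SPIDERS):
    """Return the first list fragment found in the user agent, else None."""
    agent = agent.lower()
    return next((s for s in spiders if s in agent), None)

def audit(lines, spiders=SPIDERS, param="osCsid"):
    """Per (spider, script): how many requests carried the session parameter."""
    report = defaultdict(lambda: {"with_sid": 0, "without_sid": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        spider = spider_name(m["agent"], spiders) if m else None
        if spider is None:
            continue  # unparsable line, or a visitor not on the spider list
        parts = urlsplit(m["url"])
        script = parts.path.rsplit("/", 1)[-1]
        key = "with_sid" if param in parse_qs(parts.query) else "without_sid"
        report[(spider, script)][key] += 1
    return dict(report)

SLURP = "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
FMT = '%s - - [28/Nov/2004:07:05:33 -0600] "GET %s HTTP/1.0" 200 28936 "-" "%s"'
SID = "osCsid=0123456789abcdef0123456789abcdef"  # constructed value
# First entry is the request quoted in the thread; the rest are constructed.
SAMPLE = [
    FMT % ("66.196.91.36", "/www.example.com/default.php?cPath=11"
           "&osCsid=52616f1ee00d88b675df80811bf6a3a6", SLURP),
    FMT % ("192.0.2.10", "/product_info.php?products_id=5", SLURP),
    FMT % ("192.0.2.10", "/product_info.php?products_id=5&" + SID, SLURP),
    FMT % ("192.0.2.20", "/default.php?" + SID, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"),
    FMT % ("192.0.2.30", "/default.php?" + SID, "Mozilla/4.0 (compatible; MSIE 6.0)"),
]

if __name__ == "__main__":
    for (spider, script), counts in sorted(audit(SAMPLE).items()):
        print(spider, script, counts)
```

A script that shows both with_sid and without_sid for the same spider is the inconsistency described for product_info.php; any non-zero with_sid count means session IDs are reaching a crawler's index.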
