By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,968 Members | 1,852 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,968 IT Pros & Developers. It's quick & easy.

Manuall session creation control....

P: n/a

I am working on a web site and have a problem with how Session is handled by ASP.NET.

Let's say you have a successful web site and one day google (or yahoo) finds out about it.
So it decided to spider it.
So google's robot just came in and hit every page (within short period of time) on your website.

For simplicity you have 1000 pages on your website and google's robot does not preserve cookies.
So basically Google's bot just created 1000 session objects on your site.

Do you see a problem??

1. Just imagine that you have 10,000 pages
2. Your server's memory will be clogged with dummy sessions.
3. Look how easy to bring your site down. Just have a bot that will hit the same page from fast network.

The solution i see here is not to create Session object until user did something meaningful (Like login, added item to the shopping cart, ...).
So basically i would like the Session object not to be created for me automatically.
I wish i had an option to create Session object after request came in and was processed by my code and it was determined (browser has appropriate cookies set) that this request has a session attached to it.
Is there a way to do that in ASP.NET?
PS: As far as i know Yahoo's boot and Google's bots honor cookies. I am more concerned with how easy to bring server down just buy hitting it thousands of time quickly.

Nov 19 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.