Re: [PHP] PHP Warning: session_destroy
# [EMAIL PROTECTED] / 2007-01-20 17:14:34 -0500:
> To stop bots from accessing secured pages, I've added the following
> code to a banner page that is called by every page. Furthermore, each
> page starts with and includes the banner
> page:
>
> 'top1.php' [banner page]
>
> <?php
> if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
> {
>     if ($_SERVER['HTTPS'] == "on")
>     {
>         session_destroy();
>         header("Location: http://localhost/logout.php");

google for robots.txt, less work with the same effect.

--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Warning: session_destroy
Andre Dubuc wrote:
> Hi,
>
> To stop bots from accessing secured pages, I've added the following code to a
> banner page that is called by every page. Furthermore, each page starts with
> and includes the banner page:
>
> 'top1.php' [banner page]
>
> <?php
> if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
> {
>     if ($_SERVER['HTTPS'] == "on")
>     {
>         session_destroy();
>         header("Location: http://localhost/logout.php");
>     }
> }
> ?>
>
> I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the
> code works great. Any page that is set for https is not served, and if https
> has been set by a previous visit, it goes to http://somepage.
>
> However, checking the live version, I get a secure-error_log entry:
>
> "PHP Warning: session_destroy() [function.session-destroy]: Trying to
> destroy uninitialized session"

which page is causing the error? is it logout.php perhaps? does that page call
session_destroy too?

your browser making a request with the user-agent set to 'GoogleBot Blabla' is
not the same as an actual googlebot that's making a request - in the difference
could lie the problem

is session_start() actually returning true when you call it in script run as a
result of a request initialized by a bot?

btw: do you need to send the bot to logout.php if you've just destroyed the
session? also, why not just redirect to an http url if it's a bot connecting
via https and forget trying to destroy the session?

> Question is: didn't the session_start(); on the calling page take effect, or
> is this some other problem?
>
> Is there something like 'isset' to check whether 'session_destroy();' is
> needed? [I've tried isset, it barfs the code.]
>
> Tia,
> Andre
Re: [PHP] PHP Warning: session_destroy
On Saturday 20 January 2007 05:33 pm, Paul Novitski wrote:
> At 1/20/2007 02:14 PM, Andre Dubuc wrote:
> >However, checking the live version, I get a secure-error_log entry:
> >
> >"PHP Warning: session_destroy() [function.session-destroy]: Trying to
> >destroy uninitialized session"
> >
> >Question is: didn't the session_start(); on the calling page take effect,
> > or is this some other problem?
>
> I've gotten the distinct impression from the documentation and from
> my own experiences that session_start() is required at the beginning
> of every page/script that references the session. See
> http://ca3.php.net/session_start including Examples 1 and 2.
>
> Paul

That would tend to make sense despite that the calling page has already
initiated one. Worth a try . .

Thanks,
Andre
Re: [PHP] PHP Warning: session_destroy
At 1/20/2007 02:14 PM, Andre Dubuc wrote:
> However, checking the live version, I get a secure-error_log entry:
>
> "PHP Warning: session_destroy() [function.session-destroy]: Trying to
> destroy uninitialized session"
>
> Question is: didn't the session_start(); on the calling page take effect,
> or is this some other problem?

I've gotten the distinct impression from the documentation and from
my own experiences that session_start() is required at the beginning
of every page/script that references the session. See
http://ca3.php.net/session_start including Examples 1 and 2.

Paul
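Added example (not part of the original thread and not any poster's code): one way to guard the banner-page teardown so that session_destroy() runs only when a session is active in the current request, which is the check the original question asks for. It assumes PHP 5.4 or later for session_status() and uses preg_match() in place of eregi(); the names UA_PATTERN, is_listed_agent, is_https and destroy_session_if_active are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.4+ (session_status()).
// UA_PATTERN and all function names below are hypothetical.

const UA_PATTERN = '~Yahoo! Slurp|\.NET CLR|Googlebot/2\.1|Gigabot/2\.0|Accoona-AI-Agent~i';

function is_listed_agent($userAgent)
{
    // preg_match() stands in for eregi(), which was removed in PHP 7.0.
    return preg_match(UA_PATTERN, (string) $userAgent) === 1;
}

function is_https(array $server)
{
    // $_SERVER['HTTPS'] is unset on plain HTTP, so test for presence first.
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

function destroy_session_if_active()
{
    // Destroy only a session that was actually started in this request.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return false;
    }
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    return session_destroy();
}

// Banner-page logic. The User-Agent header is client-supplied, so this is a
// courtesy redirect for crawlers; secured pages still need their own login check.
if (PHP_SAPI !== 'cli') {
    if (session_status() === PHP_SESSION_NONE) {
        session_start(); // the calling page may not have started one
    }
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (is_listed_agent($ua) && is_https($_SERVER)) {
        destroy_session_if_active();
        header('Location: http://localhost/logout.php');
        exit; // stop so the secured page body is never sent
    }
}
```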
[PHP] PHP Warning: session_destroy
Hi,

To stop bots from accessing secured pages, I've added the following code to a
banner page that is called by every page. Furthermore, each page starts with
and includes the banner page:

'top1.php' [banner page]

<?php
if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
{
    if ($_SERVER['HTTPS'] == "on")
    {
        session_destroy();
        header("Location: http://localhost/logout.php");
    }
}
?>

I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the
code works great. Any page that is set for https is not served, and if https
has been set by a previous visit, it goes to http://somepage.

However, checking the live version, I get a secure-error_log entry:

"PHP Warning: session_destroy() [function.session-destroy]: Trying to
destroy uninitialized session"

Question is: didn't the session_start(); on the calling page take effect, or
is this some other problem?

Is there something like 'isset' to check whether 'session_destroy();' is
needed? [I've tried isset, it barfs the code.]

Tia,
Andre