Re: [PHP] PHP Warning: session_destroy
# [EMAIL PROTECTED] / 2007-01-20 17:14:34 -0500:
> To stop bots from accessing secured pages, I've added the following
> code to a banner page that is called by every page. Furthermore, each
> page starts with and includes the banner
> page:
>
> 'top1.php' [banner page]
>
>if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|
> Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
> {
> if ($_SERVER['HTTPS'] == "on")
> {
> session_destroy();
> header("Location: http://localhost/logout.php";);
google for robots.txt, less work with the same effect.
--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Warning: session_destroy
Andre Dubuc wrote:
> Hi,
>
> To stop bots from accessing secured pages, I've added the following code to a
> banner page that is called by every page. Furthermore, each page starts with
> and includes the banner page:
>
> 'top1.php' [banner page]
>
>if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1|
> Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
> {
> if ($_SERVER['HTTPS'] == "on")
> {
> session_destroy();
> header("Location: http://localhost/logout.php";);
> }
> }
> ?>
>
> I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the
> code works great. Any page that is set for https is not served, and if https
> has been set by a previous visit, it goes to http://somepage.
>
> However, checking the live version, I get an secure-error_log entry:
>
> "PHP Warning: session_destroy() [ href='function.session-destroy'>function.session-destroy]: Trying to
> destroy uninitialized session"
which page is causing the error? is it logout.php perhaps? does that page
call session_destroy too?
your browser making a request with the user-agent set to 'GoogleBot Blabla'
is not the same as an actual googlebot that's making a request - in the
difference
could lie the problem
is session_start() actually returning true we you call it in script run as a
result of
a request initialized by a bot?
btw: do you need to send the bot to logout.php if you've just destroyed the
session?
also, why not just redirect to an http url if it's a bot connecting via https
and forget trying to destroy the session?
>
> Question is: didn't the session_start(); on the calling page take effect, or
> is this some other problem?
>
> Is there something like 'isset' to check whether 'session_destroy(); is
> needed? [I've tried isset, it barfs the code.]
>
> Tia,
> Andre
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Warning: session_destroy
On Saturday 20 January 2007 05:33 pm, Paul Novitski wrote: > At 1/20/2007 02:14 PM, Andre Dubuc wrote: > >However, checking the live version, I get an secure-error_log entry: > > > >"PHP Warning: session_destroy() [ >href='function.session-destroy'>function.session-destroy]: Trying to > >destroy uninitialized session" > > > >Question is: didn't the session_start(); on the calling page take effect, > > or is this some other problem? > > I've gotten the distinct impression from the documentation and from > my own experiences that session_start() is required at the beginning > of every page/script that references the session. See > http://ca3.php.net/session_start including Examples 1 and 2. > > Paul That would tend to make sense despite that the calling page has arleady initiated one. Worth a try . . Thanks, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Warning: session_destroy
At 1/20/2007 02:14 PM, Andre Dubuc wrote: However, checking the live version, I get an secure-error_log entry: "PHP Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session" Question is: didn't the session_start(); on the calling page take effect, or is this some other problem? I've gotten the distinct impression from the documentation and from my own experiences that session_start() is required at the beginning of every page/script that references the session. See http://ca3.php.net/session_start including Examples 1 and 2. Paul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Warning: session_destroy
Hi, To stop bots from accessing secured pages, I've added the following code to a banner page that is called by every page. Furthermore, each page starts with and includes the banner page: 'top1.php' [banner page] http://localhost/logout.php";); } } ?> I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the code works great. Any page that is set for https is not served, and if https has been set by a previous visit, it goes to http://somepage. However, checking the live version, I get an secure-error_log entry: "PHP Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session" Question is: didn't the session_start(); on the calling page take effect, or is this some other problem? Is there something like 'isset' to check whether 'session_destroy(); is needed? [I've tried isset, it barfs the code.] Tia, Andre -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
