<%@ page session="false" %> ? This is a JSP/Servlet container thing and not Shiro related.
HTH,
Les

On Tue, Jul 16, 2013 at 2:45 AM, Albert Kam <moonblade.w...@gmail.com> wrote:

> I notice that even as an anonymous user, a Shiro session is created (and
> inserted into my db in my case) at my first access to a web page. After a
> successful login, the session record is simply updated with the appropriate
> attributes.
>
> Now I tried 'stress-testing' the main page url with:
>
> curl -s "http://myapp.com?[1-1000]"
>
> And my fear came true as I count the created session is as much as the
> loop.
>
> So the question here is, is there any way I can avoid having a session
> creation flood by a web crawler or a spammer?
>
> --
> Do not pursue the past. Do not lose yourself in the future.
> The past no longer is. The future has not yet come.
> Looking deeply at life as it is in the very here and now,
> the practitioner dwells in stability and freedom.
> (Thich Nhat Hanh)
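
The directive from the reply, placed in a complete page, as an added example that is not part of the original thread. The page name and the `login.jsp` / `logout` links are hypothetical, and the example assumes nothing else on the request path (a filter, an include, or another JSP without the directive) calls `request.getSession()`.

```jsp
<%-- Constructed example (hypothetical index.jsp); not from the thread. --%>
<%@ page session="false" contentType="text/html; charset=UTF-8" %>
<%
    // session="false": the generated servlet declares no implicit `session`
    // variable, so rendering this page does not call request.getSession().
    // getSession(false) returns the existing session or null and never
    // creates one, so an anonymous hit on this page adds no session record.
    javax.servlet.http.HttpSession existing = request.getSession(false);
    boolean hasSession = (existing != null);
%>
<!DOCTYPE html>
<html>
<head><title>Home</title></head>
<body>
<% if (hasSession) { %>
    <p><a href="logout">Sign out</a></p>
<% } else { %>
    <p><a href="login.jsp">Sign in</a></p>
<% } %>
</body>
</html>
```

Re-running the curl loop from the question against a page like this and counting the stored session records shows whether any remaining code path still creates sessions for anonymous requests.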