detect crawlers and strippers and chop off their sessions
This commit is contained in:
Eric J. Bowersox
@@ -23,30 +23,45 @@ importPackage(Packages.com.silverwrist.venice.ui.helpers);
|
||||
rinput = bsf.lookupBean("request");
|
||||
sess = vlib.castVeniceUISession(bsf.lookupBean("session"));
|
||||
|
||||
// Get the login cookie name and the CookieControl service.
|
||||
cookie_name = rinput.getConfigProperty("login.cookie");
|
||||
cctl = vlib.queryCookieControl(rinput);
|
||||
if (cctl.isCookiePresent(cookie_name))
|
||||
{ // get the login cookie value and try to use it to log in
|
||||
logger.debug("cookie " + cookie_name + " found");
|
||||
logged_in = false;
|
||||
try
|
||||
{ // attempt to log the user in with the cookie
|
||||
// but don't do it if they're IP-banned
|
||||
if (rinput.engine.testIPBan(rinput.sourceAddress)==null)
|
||||
logged_in = sess.user.authenticateWithToken(cctl.getCookie(cookie_name));
|
||||
// Is this browser a crawler or stripper? If so, make sure the session is destroyed at
|
||||
// the end of this request.
|
||||
binfo = vlib.queryBrowserInformation(rinput);
|
||||
if (binfo.hasCapability("crawler") || binfo.hasCapability("stripper"))
|
||||
{ // delete this session after 30 seconds if nothing else happens
|
||||
logger.debug("this session is a crawler, it will be killed");
|
||||
sess.setMaxInactiveInterval(30);
|
||||
|
||||
} // end try
|
||||
catch (e)
|
||||
{ // login failed
|
||||
logger.error("caught " + vlib.exceptionType(e) + ": " + e.message);
|
||||
logged_in = false;
|
||||
|
||||
} // end catch
|
||||
|
||||
if (!logged_in) // not logged in - delete the cookie
|
||||
cctl.deleteCookie(cookie_name);
|
||||
// the session will be killed at the end of the request anyway
|
||||
rinput.registerCleanup(new SessionKiller(sess));
|
||||
|
||||
} // end if
|
||||
else
|
||||
logger.debug("cookie " + cookie_name + " not found");
|
||||
{ // Get the login cookie name and the CookieControl service.
|
||||
cookie_name = rinput.getConfigProperty("login.cookie");
|
||||
cctl = vlib.queryCookieControl(rinput);
|
||||
if (cctl.isCookiePresent(cookie_name))
|
||||
{ // get the login cookie value and try to use it to log in
|
||||
logger.debug("cookie " + cookie_name + " found");
|
||||
logged_in = false;
|
||||
try
|
||||
{ // attempt to log the user in with the cookie
|
||||
// but don't do it if they're IP-banned
|
||||
if (rinput.engine.testIPBan(rinput.sourceAddress)==null)
|
||||
logged_in = sess.user.authenticateWithToken(cctl.getCookie(cookie_name));
|
||||
|
||||
} // end try
|
||||
catch (e)
|
||||
{ // login failed
|
||||
logger.error("caught " + vlib.exceptionType(e) + ": " + e.message);
|
||||
logged_in = false;
|
||||
|
||||
} // end catch
|
||||
|
||||
if (!logged_in) // not logged in - delete the cookie
|
||||
cctl.deleteCookie(cookie_name);
|
||||
|
||||
} // end if
|
||||
else
|
||||
logger.debug("cookie " + cookie_name + " not found");
|
||||
|
||||
} // end else (this is a REAL browser, not a crawler or stripper)
|
||||
|
||||
Reference in New Issue
Block a user