...
So, how should you handle these bots to prevent performance issues with your ColdFusion service? Well, a long time ago, the answer you would have been told was to disable sessions for bots. This is not the recommended approach to handle these bots, as disabling sessions could cause unexpected errors in your application that depend on the session being active. Instead, it is recommended to limit sessions for bots to a lower threshold such as 2 minutesseconds.
Since these bots do not utilize cookies, you can check for the presence of a cookie in your application. If a cookie is found, apply your standard session timeout (e.g., 30 minutes, as shown in the example below). If no cookie is detected, it is likely a bot request, and you can restrict the session timeout to a shorter duration, such as 2 minutes seconds (as demonstrated below).
| Code Block | ||||
|---|---|---|---|---|
| ||||
<!--- If no cookie is detected, then a shorter session timeout is applied. ---> <cfif StructKeyExists(cookie, "cfid") or StructKeyExists(cookie, "jsessionid")> <cfset this.sessiontimeout = CreateTimeSpan(0,0,30,0) /> <cfelse> <cfset this.sessiontimeout = CreateTimeSpan(0,0,0,2) /> </cfif> |
...