lostndazed
Posted February 14, 2007

In my admin, I have the option to "Prevent Spider Sessions" under admin -> Configuration -> Sessions.

If I set "Prevent Spider Sessions" to False, then my Google Checkout will tell my db to remove the item just purchased. But then all spiders can pick up session ids in their crawls, right? Or am I mistaken? And isn't that a security/shopping cart problem?

If I set "Prevent Spider Sessions" to True, then I have to manually set the item as sold in my db. Also doesn't update the shopping cart.

Is there some other way for me to kill session ids for crawling spiders, but allow Google Checkout the session id?

lostndazed
Posted February 14, 2007

Wondering if anyone else has encountered this problem and what solution they've come up with?

lostndazed
Posted February 14, 2007

In includes/application_top.php: can I change the code to allow Google Checkout (https://checkout.google.com/) to get and send session ids? My spiders.txt does not appear to include googlebot.

```php
// start the session
$session_started = false;
if (SESSION_FORCE_COOKIE_USE == 'True') {
  tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);

  if (isset($HTTP_COOKIE_VARS['cookie_test'])) {
    tep_session_start();
    $session_started = true;
  }
} elseif (SESSION_BLOCK_SPIDERS == 'True') {
  $user_agent = strtolower(getenv('HTTP_USER_AGENT'));
  $spider_flag = false;

  if (tep_not_null($user_agent)) {
    $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');

    for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
      if (tep_not_null($spiders[$i])) {
        if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
          $spider_flag = true;
          break;
        }
      }
    }
  }

  if ($spider_flag == false) {
    tep_session_start();
    $session_started = true;
  }
} else {
  tep_session_start();
  $session_started = true;
}

// set SID once, even if empty
$SID = (defined('SID') ? SID : '');

// verify the ssl_session_id if the feature is enabled
if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) {
  $ssl_session_id = getenv('SSL_SESSION_ID');
  if (!tep_session_is_registered('SSL_SESSION_ID')) {
    $SESSION_SSL_ID = $ssl_session_id;
    tep_session_register('SESSION_SSL_ID');
  }

  if ($SESSION_SSL_ID != $ssl_session_id) {
    tep_session_destroy();
    tep_redirect(tep_href_link(FILENAME_SSL_CHECK));
  }
}
```
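
Added example, not part of the original posts and not osCommerce code: a small diagnostic that applies the same substring test as the spider check quoted above and reports which spiders.txt entry, if any, would deny a session to a given User-Agent. The spider entries and User-Agent strings are constructed samples and `matching_spider_entry` is a hypothetical helper name; the checkout callback's real User-Agent is not given in the thread and would have to be read from the server's access log.

```php
<?php
// Added example (not osCommerce code). matching_spider_entry() is a
// hypothetical helper that mirrors the spiders.txt loop in application_top.php.

function matching_spider_entry(string $userAgent, array $spiderLines): ?string
{
    $agent = strtolower($userAgent);
    if (trim($agent) === '') {
        return null; // no User-Agent: the original code starts a session
    }
    foreach ($spiderLines as $line) {
        $entry = trim($line);
        // Entries are compared as written, so they must be lowercase to match.
        if ($entry !== '' && strpos($agent, $entry) !== false) {
            return $entry;
        }
    }
    return null;
}

// Constructed stand-in for file(DIR_WS_INCLUDES . 'spiders.txt').
$spiderLines = ["crawl\n", "slurp\n", "\n", "spider\n", "bot\n"];

// Constructed User-Agent strings; the third is a placeholder for whatever the
// payment callback really sends (take the real value from the access log).
$agents = [
    'Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0',
    'ExampleBot/2.1 (+http://example.com/bot.html)',
    'Example-Checkout-Notifier/1.0',
    '',
];

foreach ($agents as $ua) {
    $hit = matching_spider_entry($ua, $spiderLines);
    printf(
        "%-50s %s\n",
        $ua === '' ? '(empty User-Agent)' : $ua,
        $hit === null ? 'session started' : "no session (matched '$hit')"
    );
}
```

The User-Agent header is set by the client, so this test only keeps well-behaved crawlers from collecting session ids; it does not authenticate a callback.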