Last post Aug 09, 2011 09:47 AM by Hopefully
Sep 16, 2010 10:06 AM|Hopefully|LINK
Is it possible to ignore case on the sessionID? Is it useful/secure to do so? I have a bothersome search engine hitting my site with session id's that have a lower case "s" in the ID, so it looks like - (s( - at the beginning of the id, rather than -
(S( - It's filling up my error handling database with page not found because of it! Does anyone have any good suggestions on how I might fix this?
sessionID lowercase uppercase
Sep 21, 2010 04:32 AM|Jerry Weng - MSFT|LINK
SessionID is generated by server automatically.
It's filling up my error handling database with page not found because of it!
How would you page will get not found exception with the SessionID? Did you do some calculation with the SessionID in your web system?
If yes, please use sessionid.ToLower() to make all the sessionid string to lower case.
Sep 21, 2010 08:51 AM|Hopefully|LINK
Thanks for your reply. I was loosing hope. It's the second time I've posted the issue. Nobody seems interested in this problem.
I don't do anything special. I just set the mode in the config file. The sessionID numbers are generated automatically. My problem is that a search engine somehow lobbed onto a sessionID that begins with a lower case 's'. If any other letter were wrong
in the rest of the string the system would ignore it and just reissue a new sessionID, but in this case, IIS (or whatever is interpreting this situation) seems to be saying,
"OH!!! - you are not starting with a '(S(', but rather with a '(s(', so you are NOT a sqlserver sessionID. I think your are a url, and since I don't have a website here that starts with '(s(' I am going to redirect you to my error page you lucky dog you!"
As it happens, it is always the SAME search engine and they do it to all my servers all night long. It is...
This turd hit one of my servers over 7000 times last night with an invalid url and was returned an error page every time, yet they have persisted in doing this every night for months? years? It's virtually invalidated my error handling process.
I've found an article by a person named Sebastian, who promises to bore me to death with a subject that is "dull as dust", but I think I'm just going to have to bite the bullet and understand how to handle this with a 'redirect' of some kind.
Ideas? Thoughts? THANKS JERRY!!
Sep 21, 2010 01:56 PM|Hopefully|LINK
Would cloaking be appropriate here?
What about URL rewrite?
Do most people do something to help when it comes to search engines that might be helpful for me in this case?
Sep 21, 2010 09:12 PM|Jerry Weng - MSFT|LINK
Try to create a robots.txt in the folder which you don't want the search engine to claw the pages in that folder. And write the code to the robots.txt like this.
For more information about robots.txt, please follow this:
Aug 09, 2011 09:47 AM|Hopefully|LINK
robots.txt is a good idea, but it didn't work for this situation.