session,cookies,web-crawler , Create accounts only for real people

Create accounts only for real people


Tag: session,cookies,web-crawler

I am building a simple website where users can try a website without registering. I basically create shadow account and log users in without them knowing, so I don't have to bother with functionality of not-logged in users.

I then set the cookie to a user so they can come and use website anytime later without loosing any data.

The problem is that there is lots of scrappers, bots, crawlers... These bots are unintentionally creating a new account every time they visit, because they are not accepting a cookie and I cannot identify them on 2nd visit. And some of them are visiting frequently so I end up with 10's of thousands of accounts that are never really used.

Few things came to my mind:

  1. Expire/remove user if there is no further action on the page (Seems like best idea)
  2. Detect if user accept cookies (this requires that I redirect a user and validate that he can accept cookies - not sure how efficient/slow this is)
  3. Parse user-agent and identify the browser if unidentifiable it is a bot (I'm not sure how reliable this is)

What are my options to address this issue, what do you suggest?


You can check your user accepts cookies via AJAX. On landing page set a cookie and then send a request back to server immediately after page load with the cookie. And only if the cookie is present, then create your user. This will be quick and confirms that the users browser supports cookies.

Expire/remove user can also work well, but you might end up creating and deleting a lot of users which can be expensive on the server.

Sending a dummy User-agent header is a very simple thing for bots and I think they do it anyway (Bad bots) to make sure web servers allow crawling. So they cannot promise the authenticity of the browser.


Javascript Retina / HD display detection and blocking page render during reload

My question is pretty much about page reload rather than retina detection. I'm using the code below in head tag for retina display : <script type="text/javascript"> if( document.cookie.indexOf('device_pixel_ratio') == -1 && 'devicePixelRatio' in window && window.devicePixelRatio == 2 ){ var date = new Date(); date.setTime( date.getTime() + 3600000000 ); document.cookie...

Is it a good practise store the checkout steps fields in php $_SESSION?

I have my e-commerce site with three checkout steps, each button to continue is a POST action and redirect to the next step: if the user navigates by the checkout steps (click on the previous button for example), the form fields don´t show the data posted previously. This form fields...

Devise prevent auto sign-in after registration

Here's my scenario : Users can register on my website by entering their university login. My app checks this login against the university LDAP, and if it exists, it will duplicate the university LDAP entry on my own LDAP + create a database entry for the user on the rails...

Retaining scope value from the cookie store on page refresh

I have the following code in one of my controllers. $scope.artistId = $cookies.artistId; $scope.artistName = $cookies.artistName; $scope.switchArtist = function(artist) { $scope.artistName = ''; $scope.artistId = ''; $scope.artist = artist; $cookies.artistName =; $cookies.artistId =; $scope.artistName =; $scope.artistId =; $rootScope.$broadcast(ARTIST_EVENTS.switchedArtist); }; Then in my view I have {{...

How to access application data in a session .jsp file

I am new to the javaservice page session environment, and I am executing the following loop to view all my session attributes: <% for (Enumeration e = session.getAttributeNames(); e.hasMoreElements(); ) { String attribName = (String) e.nextElement(); Object attribValue = session.getAttribute(attribName); %> <BR> <%= attribName %> - <%= attribValue %> Which...

Distributed session implementation detail

With the reference to the structure of session module in ASP.NET below: As I understand, when the application uses distributed session provider (.e.g. Redis in Azure), the SessionStateModule will deserializes the user's session data into Session dictionary at the beginning of a request. What I'm wondering is whether the module...

get information in database and insert into session codeigniter

i am new to codeigniter and using session. i am having a problem in inserting individual data in session. Model: function get_user_info() { $user_email = $this->input->post('signin-email'); $this->db->select('acct_id, acct_fname, acct_lname, acct_mname'); $this->db->where('email', $user_email); $query = $this->db->get('account'); return $query->result_array(); } Controller: public function LoginValidation(){ $this->load->library('form_validation'); $this->form_validation->set_rules('email', 'Email',...

after puttin php syntax, my website get stuck at preloader

I have this code on my php file for navbar: <?php if(!$session->is_logged_in()) { echo ' <a href="login.php" role="button" aria-expanded="false"> Login <span class="label"> login to system</span> </a> </li>';} else { echo ' <a href="#!" class="dropdown-toggle" role="button" aria-expanded="false"> ' . $session->user_name; . '<span class="badge bg-default">2</span> <span class="caret"></span> <span class="label">it is you</span> </a>';...

Adobe DTM Custom rule conditions check for cookies

I have some problems to get a specific rule to fire in DTM. And the documentation on custom rule conditions from Adobe is very basic. What is should do: Check if a specific cookie exists (values of the cookie are irrelevant). When this cookies does not exist fire the rule....

PHP session array multi

Can some one help me with this? var_dump ($_SESSION['korpa']); Result is this: array(3) { [0]=> array(2) { ["kolicina"]=> int(2) ["item"]=> string(1) "1" } [1]=> array(2) { ["kolicina"]=> string(2) "50" ["item"]=> string(1) "1" } [2]=> array(2) { ["kolicina"]=> string(1) "1" ["item"]=> string(1) "1" } } If $_SESSION['korpa'][0]['item'] exists two or more...

Why php session var that is set has been lost after redirect by javascript

I have two page that are skytrip.localhost/searchresults and skytrip.localhost/bookingInfo In page searchresults , I make ajax request , then it is redirected to page bookingInfo. In ajax request , I set a sesion value , then I want to get this value in the page bookingInfo. But I can't get...

Authentication with OAuth and JWT but without OpenID Connect

I’m wondering if I really need OpenID Connect to provide authentication on top of OAuth2. It seems to me if I generate JWTs (JWE) as my access token and I store user claims, roles/permissions, etc. in the access token, then the OpenID Connect's id token isn't needed. Resource servers can...

OSX tmux configuration session open file in vim automatically

So I have tmux and vim running in iterm2 on OSX. I have a tmux.conf file that sources a session in ~/.tmux/ called 'left'. I have successfully loaded this session with three panes. Two panes in a left column and a single pane on the right. I have also managed...

Server side session in,web-services,session
I want to set one value in server side session in client side and need to access that session in web service, so i tried below In client side : //Set the server side session like below var vr_="demo.png"; '<%Session["path"] = "' + vr_ + '"; %>'; //In alert,checked the...

Is it possible to share session between different PHP versions?

I am starting an old app refactoring, I will rebuild some functionality from spaghetti code to MVC (Symfony). Plan was I will set up new IIS app, using subdomain. Now, old app is running PHP 5.3 which can't be upgraded. New app will be running on PHP 5.6. Only thing...

How to include PHP $_SESSION values in a javascript file?

I use $_SESSION['siteRoot'] to store the root address of my website in (it's basically a framework so this can change depending on the URL used to access the site). I need to use this value in some of my javascript files... Up until now I've been including my js files...

slideToggle state not working with multiple boxes

I'm trying to save the toggle state of collapsable boxes using cookies. Here's my code: HTML: <div class="box_container"> <div class="box_handle"> Title </div> <div class="box" data-title="admin_actions"> Content </div> </div> Javascript: $('div.box_container div.box_handle').click(function() { $(this).next('.box').slideToggle('fast'); }); $.each($('div.box_container div.box_handle'), function(index,value){ if ($.cookie('show_box_' + $(value).next('.box').attr('data-title')) != 'closed'){...

What are the techniques to manage “session” or invocation context for Stateless EJBs during Remote calls?

I am writing an application that uses RMI to invoke EJBs. The EJBs are Stateless; the business requirements do not require conversational state with the client. One of the parameters to the EJB method calls is a "User" object used to determine if the user associated with the call has...

.htacces rewrite by cookie value

I have a website in 2 languages. I'm inserting the text for each language through php constants and I define the user language through a cookie (lang=es or lang=en). Now the base url in each language is but i want to rewrite it depending on the language. If the...

Logging DateTime in SQL Table When Users Session Ends

I have written an application and with this application the user has to login. I have a table where I am keeping their login token for that session, datetime they logged in, datetime they logged out and the duration in which they were logged in. This functionality works great when...

Storing Check Box Selection in Cookies

I have programmed a Remember Me check box to store the username and password in cookies if the box is checked. My problem is, that if they check it and then re-launch the application the username and password auto fill, but the checkbox does not stay checked. I have not...

Meteor: Passing Session values from client to server

I am using the following code on the client side to set the Session variable:{ 'click button': function() { var; UserSession.set("songsearcher", clientid); console.log(clientid + UserSession.get("songsearcher")); I am using the following pacakge: Meteor-User-session, which will explain the use of UserSession in place of Session. Now, this works fine. But...

Force WWW when URL contains path using .htaccess

I'm having a problem with my URL and my sessions. I wish to have ALL website pages be forced to use www. As it looks like now, the website looks like this: into into into into (this is what's wrong) This is...

PHP Cookie to Track/Limit Website Joins (Preventing Automated Account Creation)

I want to implement a solution to limit the number of Website Joins can be made by one user. I thought of tracking IP address but these are to generic now. I'm now looking to set a cookie and increment for each join and then block joins at say 5...

Symfony2: ajax call redirection if session timedout

I have a working dashboard with ajax request. I fire an ajax request on some events which will update a part of the dashboard. But if the session has expired, the part will be refreshed with the login page. How can i do a redirection after the ajax call if...

Using a cookie to save the state of a toggled division

While I've found essentially the same question asked a number of times here and on other sites, I've spent hours and hours trying to get those answers to work on my site to no avail; I'm just plain stumped. Possibly because I'm fairly new to Javascript, self-taught, and I'm doing...

How to share the same email session between all instances of the application?

Maybe this question is already answered, but I couldn't find the proper answer. I have a web application based in JSF, and I want to share the same email session between all the instances of the application, yet I haven't found how to do that. My questions are: a) What...

Disconnect Session via Powershell [closed]

Is there a command to disconnect a user from a session on a server via PowerShell? To logoff i use: Logoff /server:<Server> <SessionID> ...

When is the cookie set by AJAX available in javascript?

I'm doing an AJAX call and setting a cookie in the user browser in the response (the server code sets the cookie). I noticed in the success callback from the ajax, the cookie is not available. When I look in document.cookie the new cookie is not there. My question, when...

Setting a cookie to only show popup once

I'm trying to setup a cookie to only show a popup once, here's my code so far: jQuery(window).load(function(){ // Load pop up within parent-page section only if (window.location.href.indexOf('parent-page') > -1) { alert("your url contains the parent-page in the URL"); ${ items: [ { src: '#disclaimer', // CSS selector of an...

Revert back to previous flask session variables when going back a page

On a Flask website of mine, I have a session variable called 'thisQuestion' which put simply increments by 1 each time a page is loaded. Basically, the page returns questions from a database and the user can state whether they get the question right or wrong. The session variable increases...

multiple SESSION cookies being set?

My site is sending two different session id cookies (PHPSESSID), one under "" and the other "". I read this answer here which says to specify the domain used in the 5th parameter, but what about SESSION cookies which are created automatically? I think the issue is that the facebook...

codeigniter session object expired availability

This might be a silly question. Once a user has been logged in, if session expires I want to redirect him to a "lockscreen" instead to a "login" page. I want to send to the lockscreen some session data (like img-src and loginname) So, here's the question. Does session object...


I am getting two PHPSESSID while printing $_SERVER['HTTP_COOKIE']. Actually I don't know how it is set twice, its only in my local system. When I check the SERVER cookie it like: echo $_SERVER['HTTP_COOKIE']; //result 'fe_toolbar=false; fe_toolbar=false; PHPSESSID=4tvbovcjk0msf9dvibeb31c2b7; langId=1; backendLangId=2; PHPSESSID=46aagg1hg7as2uh9bihjlpp8h7' When I check my cookie alone like : print_r($_COOKIE); //result...

cookie not setting as expected

When I set a cookie like this, it works: var now = new Date(); now.setDate(now.getDate() + 30); document.cookie='bla=cats; expires=' + now + ';path=/;' But when I do this it does not: var now = new Date(); now.setMinutes(now.getMinutes() + 30); document.cookie='bla=cats; expires=' + now + ';path=/;' So I want to set...

Android Cookies (Reward for Invites)

I am trying to integrate 'reward for invites' logic. What I am trying to do for this is I generate a unique URl for every user. When a friend clicks on the URL he is directed to a page and then to the playstore. On the page, a cookie with...

Serializing a java bean into a cookie: Is it bad?

In the organization that i work for, there was a serious debate about the following. Scenario: There is a POJO with 6 different properties all are of type Strings. These values need to be persisted as cookies so that it can be picked back when someone does a booking on...

How do you trigger session garbage collection in PHP < 5.4?

I need to force session garbage collection to trigger in PHP, and I'm using version 5.3.3. I see in PHP 5.4, you can call: SessionHandler::gc() What is the best method to get the same result given the PHP version I am using?...

Get current session info using separate linked php file

These are the only times Select shows up in the file. . . . function GetUserFromEmail($email,&$user_rec) { if(!$this->DBLogin()) { $this->HandleError("Database login failed!"); return false; } $email = $this->SanitizeForSQL($email); $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection); if(!$result || mysql_num_rows($result) <= 0) { $this->HandleError("There is no user with email: $email"); return...

Exact solution to keep cookie after closing firefox

I know this is asked many time but i want exact solution. Why cookies are deleted after closing firefox? I want to keep cookies after closing firefox....

Prevent a triggering action using a cookie with JavaScript

In a wordpress site I have a pop up window (for email capture) that is triggered by the "mouseleave" event. The pop up works fine but Once the info is captured or the pop up window closed I dont want to bother the visitor with this pop up anymore. So...

python-requests does not grab JSESSIONID and SessionData cookies

I want to scrape a pdf file from but it wants me to accept Terms and Conditions. While downloading from browser I found out that JSTOR saves my acceptance in 2 cookies with names JSESSIONID and SessionData but python-requests does not grab these two cookie( It grab two other...

Secure Cookie Attribute in WebSphere

We are trying to secure our JSESSIONID in our WebSphere Full Profile I have followed the URL provided: Our server configuration: Server11_was: I have Recycled my node - servers and runtimes. However, The JSESSIONID still coming as not secure. Am I missing something? WebSphere version:

PHP Session Information Not Being Stored

I am trying to make a very simple website, where you can go to the main page and log in, of which the code is here <?php session_start(); $warning = $_GET['warning']; $nolog = $_GET['nolog']; $username = "Welcome, please log in"; if ($warning) { $username = "Wrong Username/Password Combination"; }...

Cookie values consistently returning null

I'm attempting to use a prompt to have someone enter a value, make that value into a cookie, then have a link that will redirect that person to a second page where their cookie value would be displayed. The issue I'm running into is that the cookie in question continues...

Check if a cookie array element exists

How can I check that an array element already exists within cookie? Here is my code: var cookieList = function (cookieName) { var cookie = Cookies.get(cookieName); var items = cookie ? cookie.split(/,/) : new Array(); return { "add": function (val) { items.push(val); Cookies.set(cookieName, items.join(','), { path: '/' }); } }...

session value in javascript cannot be set

I am quite new to javascript, I wonder why my session value in javascript wont be set to 1 even I tried. When call this function again, the value of the session will change again. My javascript code as below. <script type="text/javascript"> function Confirm() { alert(<%=Session["Once"]%> != 1); var value...

how do i store these values into just one Session PHP

I have this variable that contains multiple values and I want to save all the values into a $_SESSION['gamecode']. It displays only the last value. $var=explode("|",$key); $gamecode=trim($var[0]); session_start(); $gc[]= trim($var[0]); $_SESSION['gamecode'][]=$gc; var_dump($_SESSION['gamecode']); EDITED foreach($_POST['gm'] as $key => $answer){ if($answer != ''){ $var=explode("|",$key); $gamecode=trim($var[0]); $_SESSION['gamecode'][]=$gc; var_dump($_SESSION['gamecode']); EDIT 2 foreach($_POST['gm'] as $key...