Hi,

To stop bots from accessing secured pages, I've added the following code to a banner page that is called by every page. Furthermore, each page starts with <?php session_start(); ?> and includes the banner page:

'top1.php' [banner page]

    <?php
    if((eregi("((Yahoo! Slurp|Yahoo! Slurp China|.NET CLR|Googlebot/2.1| Gigabot/2.0|Accoona-AI-Agent))",$_SERVER['HTTP_USER_AGENT'])))
    {
        if ($_SERVER['HTTPS'] == "on")
        {
            session_destroy();
            header("Location: http://localhost/logout.php");
        }
    }
    ?>

I'm testing on localhost with the browser set to 'Googlebot/2.1' - and the code works great. Any page that is set for https is not served, and if https has been set by a previous visit, it goes to http://somepage.

However, checking the live version, I get a secure-error_log entry:

"PHP Warning: session_destroy() [<a href='function.session-destroy'>function.session-destroy</a>]: Trying to destroy uninitialized session"

Question is: didn't the session_start(); on the calling page take effect, or is this some other problem? Is there something like 'isset' to check whether 'session_destroy();' is needed? [I've tried isset, it barfs the code.]

Tia,
Andre

--
PHP General Mailing List (http://www.php.net/)
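One way to guard the session_destroy() call asked about above, as an added example that is not part of the original post. It assumes PHP 5.4 or later for session_status(), swaps eregi() for preg_match(), and the helper names (is_listed_agent, is_https_request, end_session_if_active) are hypothetical.

```php
<?php
// Added example, not the poster's code. Signatures are the ones in the post;
// 'Yahoo! Slurp China' is omitted because 'Yahoo! Slurp' already matches it.
$botSignatures = array('Yahoo! Slurp', '.NET CLR', 'Googlebot/2.1',
                       'Gigabot/2.0', 'Accoona-AI-Agent');

function is_listed_agent($userAgent, array $signatures)
{
    // preg_quote() escapes '.', '!' and '/' so every entry matches literally.
    // eregi() was removed in PHP 7; preg_match() with the i flag replaces it.
    $parts = array();
    foreach ($signatures as $signature) {
        $parts[] = preg_quote($signature, '/');
    }
    return preg_match('/' . implode('|', $parts) . '/i', $userAgent) === 1;
}

function is_https_request(array $server)
{
    // $_SERVER['HTTPS'] can be missing on plain HTTP, so test with isset() first.
    return isset($server['HTTPS'])
        && $server['HTTPS'] !== ''
        && strtolower($server['HTTPS']) !== 'off';
}

function end_session_if_active()
{
    // session_status() tells whether session_start() took effect in this
    // request; destroying only in that case avoids the
    // "Trying to destroy uninitialized session" warning.
    if (session_status() === PHP_SESSION_ACTIVE) {
        $_SESSION = array();   // clear the data held in this request as well
        session_destroy();
        return true;
    }
    return false;
}

$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (is_listed_agent($userAgent, $botSignatures) && is_https_request($_SERVER)) {
    end_session_if_active();
    header('Location: http://localhost/logout.php');
    exit; // stop here so the rest of the secured page is not sent with the redirect
}
```

The User-Agent header is supplied by the client, so this check only turns away crawlers that identify themselves; the secured pages still need their own login check.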