detect crawlers and strippers and chop off their sessions

scripts/session_init.js

@@ -23,30 +23,45 @@ importPackage(Packages.com.silverwrist.venice.ui.helpers);
 rinput = bsf.lookupBean("request");
 sess = vlib.castVeniceUISession(bsf.lookupBean("session"));
 
-// Get the login cookie name and the CookieControl service.
-cookie_name = rinput.getConfigProperty("login.cookie");
-cctl = vlib.queryCookieControl(rinput);
-if (cctl.isCookiePresent(cookie_name))
-{ // get the login cookie value and try to use it to log in
-  logger.debug("cookie " + cookie_name + " found");
-  logged_in = false;
-  try
-  { // attempt to log the user in with the cookie
-    // but don't do it if they're IP-banned
-    if (rinput.engine.testIPBan(rinput.sourceAddress)==null)
-      logged_in = sess.user.authenticateWithToken(cctl.getCookie(cookie_name));
+// Is this browser a crawler or stripper?  If so, make sure the session is destroyed at
+// the end of this request.
+binfo = vlib.queryBrowserInformation(rinput);
+if (binfo.hasCapability("crawler") || binfo.hasCapability("stripper"))
+{ // delete this session after 30 seconds if nothing else happens
+  logger.debug("this session is a crawler, it will be killed");
+  sess.setMaxInactiveInterval(30);
 
-  } // end try
-  catch (e)
-  { // login failed
-    logger.error("caught " + vlib.exceptionType(e) + ": " + e.message);
-    logged_in = false;
-
-  } // end catch
-
-  if (!logged_in) // not logged in - delete the cookie
-    cctl.deleteCookie(cookie_name);
+  // the session will be killed at the end of the request anyway
+  rinput.registerCleanup(new SessionKiller(sess));
 
 } // end if
 else
-  logger.debug("cookie " + cookie_name + " not found");
+{ // Get the login cookie name and the CookieControl service.
+  cookie_name = rinput.getConfigProperty("login.cookie");
+  cctl = vlib.queryCookieControl(rinput);
+  if (cctl.isCookiePresent(cookie_name))
+  { // get the login cookie value and try to use it to log in
+    logger.debug("cookie " + cookie_name + " found");
+    logged_in = false;
+    try
+    { // attempt to log the user in with the cookie
+      // but don't do it if they're IP-banned
+      if (rinput.engine.testIPBan(rinput.sourceAddress)==null)
+        logged_in = sess.user.authenticateWithToken(cctl.getCookie(cookie_name));
+
+    } // end try
+    catch (e)
+    { // login failed
+      logger.error("caught " + vlib.exceptionType(e) + ": " + e.message);
+      logged_in = false;
+
+    } // end catch
+
+    if (!logged_in) // not logged in - delete the cookie
+      cctl.deleteCookie(cookie_name);
+
+  } // end if
+  else
+    logger.debug("cookie " + cookie_name + " not found");
+
+} // end else (this is a REAL browser, not a crawler or stripper)

src/com/silverwrist/venice/ui/helpers/SessionKiller.java

@@ -0,0 +1,53 @@
+/*
+ * The contents of this file are subject to the Mozilla Public License Version 1.1
+ * (the "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+ * language governing rights and limitations under the License.
+ * 
+ * The Original Code is the Venice Web Communities System.
+ * 
+ * The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+ * for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+ * Copyright (C) 2004 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+ * 
+ * Contributor(s): 
+ */
+package com.silverwrist.venice.ui.helpers;
+
+import com.silverwrist.venice.ui.*;
+
+public class SessionKiller implements AutoCleanup
+{
+  /*--------------------------------------------------------------------------------
+   * Attributes
+   *--------------------------------------------------------------------------------
+   */
+
+  private final VeniceUISession m_sess;
+
+  /*--------------------------------------------------------------------------------
+   * Constructor
+   *--------------------------------------------------------------------------------
+   */
+
+  public SessionKiller(VeniceUISession sess)
+  {
+    m_sess = sess;
+
+  } // end constructor
+
+  /*--------------------------------------------------------------------------------
+   * Implementations from interface AutoCleanup
+   *--------------------------------------------------------------------------------
+   */
+
+  public void cleanup()
+  {
+    m_sess.invalidate();
+
+  } // end cleanup
+
+} // end class SessionKiller

src/com/silverwrist/venice/ui/script/ScriptLibrary.java

@@ -24,9 +24,7 @@ import org.w3c.dom.*;
 import com.silverwrist.util.StringUtil;
 import com.silverwrist.venice.core.*;
 import com.silverwrist.venice.ui.VeniceUISession;
-import com.silverwrist.venice.ui.helpers.CookieControl;
-import com.silverwrist.venice.ui.helpers.HTMLRendering;
-import com.silverwrist.venice.ui.helpers.SessionControl;
+import com.silverwrist.venice.ui.helpers.*;
 import com.silverwrist.venice.util.*;
 
 public class ScriptLibrary
@@ -220,6 +218,12 @@ public class ScriptLibrary
 
   } // end join
 
+  public final BrowserInformation queryBrowserInformation(ServiceProvider sp)
+  {
+    return (BrowserInformation)(sp.queryService(BrowserInformation.class));
+
+  } // end queryBrowserInformation
+
   public final CookieControl queryCookieControl(ServiceProvider sp)
   {
     return (CookieControl)(sp.queryService(CookieControl.class));

src/com/silverwrist/venice/ui/servlet/BrowserDatabase.java

@@ -110,6 +110,11 @@ class BrowserDatabase
 
     } // end finally
 
+    if (m_broken)
+      logger.info("BrowserDatabase: load broken");
+    else
+      logger.info("BrowserDatabase: loaded " + m_browser_list.size() + " entries");
+
   } // end constructor
 
   /*--------------------------------------------------------------------------------