Posted by Nu on 02/01/07 01:37

$_SESSION[] is pretty much dependant on cookies, right?



"Sanders Kaufman" <bucky@kaufman.net> wrote in message
news:Ekbwh.2257$4H1.91@newssvr17.news.prodigy.net...
> Nu wrote:
> > "Sanders Kaufman" <bucky@kaufman.net> wrote in message
>
> >> That's usually an OK design flaw behind a firewall, but not out
> >> in open water.
> >
> > So how do I handle peak loads and exit gracefully during overloads?
> >
> > Basically something like X hits per 10 seconds to index.php sounds
simple
> > enough. I can't find out how to do that, though.
>
> Now THAT is a question a coder can answer!!!
> There are several approaches.
>
> I would use a timestamp/hitcount $_SESSION[] variable to track
> their usage.
>
> Then, each session will be aware of how often its client is
> hitting you - aborting the connection (but not the session!)
> when they're outside of your desired frequency.
>
> Me, personally, I wouldn't abort the connection. I'd put them
> to sleep. There's a sleep() function in PHP that will let you
> pause the processing for a period of time. (You might want to
> build a wrapper around it for your own sleepy purposes.)
>
> This will also force bot/agents into throttling down their
> requests. Since the connection isn't broken, they won't issue a
> zillion connection requests. They'll just thing you've got one
> seriously bogged down machine.
>
> It might even trick them into thinking they DoS'd you - when in
> fact, you DoS'd them.
>
> You can't force people to behave any certain way on the web -
> but you can trick their software!
>
>
>
> Rule #1 of dealing with coders - don't ask *them* for the spec.

[Back to original message]