If you want to disallow session creation for certain non web browser user agents, like search engine spiders, you can use a mod_perl PerlInitHandler like this to set configuration variables at runtime:
# put the following code into httpd.conf and stop/start apache server
PerlInitHandler My::InitHandler

<Perl>

package My::InitHandler;
use Apache;

sub handler {
my $r = shift; # get the Apache request object

# if not a Mozilla User Agent, then disable sessions explicitly
unless($r->headers_in('User-Ag ent') =~ /^Mozilla/) {
$r->dir_config('AllowSessionSt ate', 'Off');
}

return 200; # return OK mod_perl status code
}

1;

</Perl>
This will configure your environment before Apache::ASP executes and sees the configuration settings. You can use the mod_perl API in this way to configure Apache::ASP at runtime.

Answered by Sudipta Deb , an ibibo Specialist, at 6:11 AM on December 04, 2008

If you want to disallow session creation for certain non web browser user agents, like search engine spiders, you can use a mod_perl PerlInitHandler like this to set configuration variables at runtime:

# put the following code into httpd.conf and stop/start apache server
PerlInitHandler My::InitHandler

<Perl>

package My::InitHandler;
use Apache;

sub handler {
my $r = shift; # get the Apache request object

# if not a Mozilla User Agent, then disable sessions explicitly
unless($r->headers_in('User-Agent') =~ /^Mozilla/) {
$r->dir_config('AllowSessionState', 'Off');
}

return 200; # return OK mod_perl status code
}

1;

</Perl>

This will configure your environment before Apache::ASP executes and sees the configuration settings. You can use the mod_perl API in this way to configure Apache::ASP at runtime.

Note that the Session Manager is very robust on its own, and denial of service attacks of the types that spiders and other web bots normally execute are not likely to affect the Session Manager significantly.

Answered by Nagendra , an ibibo Master, at 5:22 AM on December 04, 2008