Actions
Improvements #13970
closedKill sessioned GET requests early
Start date:
09/10/2025
Due date:
% Done:
100%
Estimated time:
Description
If a session comes in, that is NOT detected as a bot, and does allow JavaScript, they should never have a wtd parameter attached to them.
This can only be the case if JavaScript is disabled.
In the wild we've seen this happen, with suspected bots that are JS/Ajax capable, but still seemingly are only used to access a page singularly, not utilizing the session.
These type of sessions should be killed early, so they do not uselessly take up memory.
Updated by Matthias Van Ceulebroeck 2 months ago
- Status changed from InProgress to Review
- Assignee deleted (
Matthias Van Ceulebroeck)
Updated by Matthias Van Ceulebroeck 2 months ago
- Related to Improvements #13877: Be less permissive to bots added
Updated by Matthias Van Ceulebroeck about 1 month ago
- Status changed from Review to Implemented @Emweb
- Assignee changed from Romain Mardulyn to Matthias Van Ceulebroeck
- % Done changed from 0 to 100
Updated by Matthias Van Ceulebroeck about 1 month ago
- Status changed from Implemented @Emweb to Implemented @Test
Updated by Matthias Van Ceulebroeck about 1 month ago
- Status changed from Implemented @Test to Closed
Actions