How to keep Google from indexing the Session ID in the URL?

One of my sites is for old mobile phones that don't accept cookies so it uses a URL-based Session ID.
However, Google is indexing the Session ID, so when my site is searched on Google, all the results come up with a specific Session ID.
On most occasions, that Session ID is no longer valid by the time a guest clicks on it, but I've had at least one case where a guest clicked on a link from Google and it actually logged them into someone else's account, which is obviously a huge security flaw.
So how can I keep Google from indexing the Session ID in my URLs? In case it helps, the Session ID has always been set to "Representative URL" in Google's Webmaster Tools.

You can do this by placing a robots.txt file in your root web directory to tell Googlebot and all other crawlers not to crawl URLs with that attribute.
Here is an example:
Let's say the URL you want to block is in the form of:
http://www.mywebsite.com/page.html?id=1234
The robots.txt syntax to block URLs with the id attribute is:
User-agent: *
Disallow: /*id
You can find out more about robots.txt at http://www.robotstxt.org
Read more about this at http://www.seochat.com/c/a/Search-Engine-Optimization-Help/Preventing-Duplicate-Content-on-an-ECommerce-Site-from-Session-IDs/1/

Check this out: https://developers.google.com/search/docs/advanced/crawling/consolidate-duplicate-urls. You can set canonical URLs and Googlebot will use this URL to crawl your webpage; this can also solve duplicate URL issues for the same webpage.
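
An added example (not code from any of the posts above) that checks which URLs a robots.txt Disallow rule covers and builds the session-free URL to put in a canonical link. It assumes Google-style wildcard matching ('*' for any characters, trailing '$' for end of URL) and the parameter name "id" from the answer; the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def robots_rule_matches(rule, url):
    """True if a Disallow rule covers the URL's path plus query string.

    Rules are prefix matches; '*' matches any run of characters and a
    trailing '$' anchors the rule to the end of the URL.
    """
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    anchored = rule.endswith("$")
    core = rule[:-1] if anchored else rule
    pattern = ".*".join(re.escape(piece) for piece in core.split("*"))
    if anchored:
        pattern += "$"
    return re.match(pattern, target) is not None


def canonical_url(url, session_param="id"):
    """Drop the session parameter so every visitor's URL maps to one address."""
    parts = urlsplit(url)
    kept = [(key, value)
            for key, value in parse_qsl(parts.query, keep_blank_values=True)
            if key != session_param]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(kept), ""))


if __name__ == "__main__":
    site = "http://www.mywebsite.com"  # host taken from the answer's example
    for rule in ("/*id", "/*?id=", "/*&id="):
        for path in ("/page.html?id=1234", "/page.html?lang=en&id=1234",
                     "/video.html"):  # constructed sample paths
            print(rule, path, robots_rule_matches(rule, site + path))
    print(canonical_url(site + "/page.html?lang=en&id=1234"))
```

The rule "/*id" also covers any path that merely contains the letters "id", such as /video.html, while "/*?id=" together with "/*&id=" covers only the parameter. Neither measure invalidates a session ID that is already in the index; that still depends on the server expiring the session.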

Related

F5 redirect to different domain along with useragent

Our production application is configured with F5.
If a request comes from mobile to http://xxx.abc.com/show.aspx?show=homePage
I want to create a rule in F5 to redirect to a different domain like
http://xxx.xyz.com/show.aspx?show=homePage
My doubt here is: if the initial URL contains the User Agent, since users are browsing from mobile, is the User Agent also passed along by default after the rule is created?
The URL that we are trying to redirect to should also contain User Agent since my application renders mobile pages based on useragent.
Thanks
The answer for your question is on Devcentral.f5.com:
https://devcentral.f5.com/questions/simple-url-redirect-irule
There are several ways to achieve what you're looking for and also include or exclude user agent data. It will depend on exactly what the redirected server needs. Just search on DevCentral for URL Redirect and you'll get more answers than you'll need. Here's an overview of URL redirections:
https://devcentral.f5.com/articles/2-minute-tech-tip-url-redirects

Make the display url of a web site different than the actual url for bookmarking purposes

Is it possible to display a different url than the actual url for bookmarking purposes?
Here's why: web site a.com is live and being used for administrative purposes that have not been added to the new site. So when a user visits a.com, they are redirected to a_new.com. But a_new.com is temporary and will eventually become a.com, so I need users to be able to bookmark a.com even though they are at a_new.com.
Makes sense?
Cool,
Thanks,
W
NO
And this is a good thing (though it won't help you)
For example if user visits www.goodsite.com
And goodsite is a good site but vulnerable to script injection. So an evil hacker changes the bookmarking property of goodsite.com to evilsite.com
Next user who bookmarks the site is in for a surprise.
The best thing to do, I think, would be to set up a redirect on the pages of the temporary domain when the new domain comes up.

TYPO3: How to share session / cookies between domains (one for each language)?

I wonder if there's a way to tell TYPO3 to share the sessions / cookies between different domains?
We wrote an Extbase extension on a multi language / multi domain site.
We store search words from a search form in the user session. If the user switches the page language, he should get the same results as before - Without the need to re-fill the search form.
One way would be to tell the browser to store several cookies at the same time - one for each domain/language. How can this be achieved with TYPO3 / Extbase?
By default, there is no way to set cookies for a different domain - not with or without TYPO3. This is a security measure implemented in every browser (or do you want me to set / read your cookies from yourbank.com when you visit my web site? ;-))
You have to create some helper script that does this for you. One way could be:
example.com is loaded
this page includes an iframe to a PHP script (or TYPO3 site, e.g. with eID) on example.org with a GET parameter storing the session id
the script loaded from example.org reads the GET parameter and sets a cookie with that session id (or whatever parameter you want to transfer).
afterwards the cookie is also available when browsing example.org
I have never tried this, but I'm pretty sure it will work with PHP. Maybe it's even possible with pure JavaScript, but I'm not so sure. In every case, think about what security holes you get with the explained script. If in doubt, sign the parameters (or require a token)!
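
An added example (not part of the answer above and not TYPO3 code) of what signing the GET parameter can look like: example.com issues a short-lived HMAC-signed value and example.org verifies it before setting its cookie. It is written in Python rather than PHP; the shared key, the 30-second lifetime and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: both domains hold the same secret, distributed out of band.
SHARED_KEY = b"constructed-demo-key-replace-me"
MAX_AGE = 30  # seconds a handover link stays valid (assumed value)


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(host, body):
    # The target host is part of the MAC so a token cannot be reused elsewhere.
    return hmac.new(SHARED_KEY, f"{host}|{body}".encode(), hashlib.sha256).digest()


def sign_param(value, target_host, now=None):
    """Issuing side: return 'value.timestamp.mac' for use as the GET parameter."""
    issued = int(time.time() if now is None else now)
    body = f"{_b64(value.encode())}.{issued}"
    return f"{body}.{_b64(_mac(target_host, body))}"


def verify_param(token, my_host, now=None):
    """Receiving side: return the value, or None if forged, foreign or expired."""
    try:
        value_b64, issued, mac_b64 = token.split(".")
        expected = _mac(my_host, f"{value_b64}.{issued}")
        if not hmac.compare_digest(expected, _unb64(mac_b64)):
            return None
        age = (time.time() if now is None else now) - int(issued)
        if age < 0 or age > MAX_AGE:
            return None
        return _unb64(value_b64).decode()
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token


if __name__ == "__main__":
    token = sign_param("constructed-handover-id", "example.org")
    print(verify_param(token, "example.org"))
```

A token stays replayable until it expires, so the signed value is better a one-time handover identifier that the receiving site exchanges server-side than the session id itself.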

How to Determine Where Your Visitors Come From Except Referer

I just stumbled upon this AdWords click:
http://www.google.com/aclk?sa=L&ai=XXX&sig=XXX&ved=XXX&adurl=http://example.com
It is supposed to redirect to example.com.
However, if you click on that link, it will redirect you to another site which is not http://example.com.
I think there is something fishy on that example.com.
That site can tell where its visitors come from and display different content for different visitors.
I thought it was the Referer, so I disabled the referer in my browser, but that site still works.
Does anyone know how to determine where your visitors come from, other than by Referer?
Keep in mind that those clicks "bounce" (ie. redirect) through Google before heading to example.com.
Depending on the circumstance, Google can add additional query string values to the landing page URL during the redirect. Meaning that clickthroughs won't actually land on "http://example.com", but instead something like "http://example.com?gclid=1234567".
In particular, the gclid value is appended to the landing page URL as a way for Google to pass data between Google AdWords and Google Analytics.
So example.com could be looking for a gclid value in order to identify traffic arriving from AdWords. This is independent of the referrer.
The Referrer is the only thing that will do this, unless by "That site can tell where its visitors come from" you are talking about Geo-location....
Note: Referrers are not the most reliable thing in the world. They can be spoofed.

What is HHOJSID URI path parameter used for?

I was testing a site with cookies disabled and I noticed HHOJSID parameter in URL path.
It could be a session ID encoded in URL like jsessionid for J2EE web applications.
I searched Google and found a lot of examples but no technical description.
Since this parameter seems to appear exclusively in URLs for HP's Home and Home Office online store, I suggest it stands for "Home and Home Office Java Session ID".
I'm sure you're right when you say it's a URL-based session ID - it's just that HP have modified its name for their online store.
