{"id":29196583,"url":"https://github.com/flancer32/mage2_ext_bot_sess","last_synced_at":"2025-07-02T06:07:42.554Z","repository":{"id":62505319,"uuid":"121832381","full_name":"flancer32/mage2_ext_bot_sess","owner":"flancer32","description":"Magento2: prevent session creation for bots \u0026 crawlers","archived":false,"fork":false,"pushed_at":"2023-07-19T19:49:41.000Z","size":88,"stargazers_count":21,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-06-17T23:48:26.093Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flancer32.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-17T06:16:04.000Z","updated_at":"2024-09-20T16:59:19.000Z","dependencies_parsed_at":"2022-11-02T10:16:03.487Z","dependency_job_id":null,"html_url":"https://github.com/flancer32/mage2_ext_bot_sess","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/flancer32/mage2_ext_bot_sess","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flancer32%2Fmage2_ext_bot_sess","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flancer32%2Fmage2_ext_bot_sess/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flancer32%2Fmage2_ext_bot_sess/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flancer32%2Fmage2_ext_bot_sess/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flancer32","download_url":"https://codeload.github.com/flancer32/mage2_ext_bot_sess/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flancer32%2Fmage2_ext_bot_sess/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263083719,"owners_count":23411165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-02T06:07:36.699Z","updated_at":"2025-07-02T06:07:42.536Z","avatar_url":"https://github.com/flancer32.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Magento2: prevent session creation for search engines bots/crawlers and clean up expired sessions for humans\n\nThere is a [problem](https://magento.stackexchange.com/questions/18276/magento-generating-aprox-20-session-files-per-minute) with search engines bots and crawlers in Magento - new session is created for each request from the bots. So, there are a lot of \"dead\" sessions in sessions storage when any bot scans Magento pages - each page request creates a new session. This module [prevents](https://github.com/flancer32/mage2_ext_bot_sess/blob/master/Plugin/Session/SessionManager.php#L27) session creation for search engines bots and crawlers.\n\nAnother problem is that Magento does not clean up user's expired sessions if sessions are stored in DB. This module [does it](https://github.com/flancer32/mage2_ext_bot_sess/blob/master/Service/Clean.php#L125).\n\n* [Configuration](#configuration)\n* [Prevent the Sessions Creation](#prevent-the-sessions-creation)\n* [Sessions Cleanup](#sessions-cleanup)\n  * [DB Sessions](#db-sessions)\n  * [Filesystem Sessions](#filesystem-sessions)\n* [Logging](#logging)\n* [User-Agents Analysis](#user-agents-analysis)\n* [Install](#install)\n* [Uninstall](#uninstall)\n\n\n\n## Configuration\n\nGo to `Stores / Configuration / General / Web / Bots Sessions Settings`:\n\n![Configuration](./docs/img/config.png \"Configuration\")\n\n* **Bots Signatures**: All parts will be concatenated into one regex \"/^alexa|^blitz\\.io|...|yandex/i\" to lookup for the bots.\n* **Bots Sessions Max Lifetime**: note, that Magento cron runs clean up job [every hour](./etc/crontab.xml).\n\n\n## Prevent the Sessions Creation\nThis activity is independent of session storage (redis, db, files, ...) and available immediately after installation. Magento will not create new session if `User-Agent` HTTP header of the visitor will be filtered with `Bots Signatures` configuration option. \n\n\n\n## Sessions Cleanup\nUsers sessions can be [stored](https://devdocs.magento.com/guides/v2.3/config-guide/prod/config-reference-envphp.html#session) in [Redis](https://devdocs.magento.com/guides/v2.3/config-guide/redis/redis-session.html), in DB or as [files](https://devdocs.magento.com/guides/v2.3/config-guide/sessions.html).\n\nThis module cleans up only sessions saved in DB or filesystem.\n\n### DB Sessions\n\nMagento saves own sessions in DB (`./app/etc/env.php`):\n```php\n['session' =\u003e \n  [\n    'save' =\u003e 'db',\n  ]\n];\n```\n\nConsole command to clean up bot's existing sessions \u0026 user's expired sessions from DB:\n```bash\n$ ./bin/magento fl32:botsess:clean\n```\n\n\n\n### Filesystem Sessions\n\nMagento saves own sessions in filesystem (`./app/etc/env.php`):\n```php\n['session' =\u003e \n  [\n    'save' =\u003e 'files',\n  ]\n];\n```\n\nPHP garbage collector cleans up the sessions (see `session.gc_maxlifetime`). Magento in this mode cannot control sessions lifetime. Use this route to clean up files sessions for inactive users: `http://your.shop.com/fl32botsess/clean/files` and [this](./etc/bin/root_cron_clean_files.sh) template to create shell-script for cron.\n\n**This is bad solution for bad practice. Don't use files for Magento sessions at all.**\n\n\n\n## Logging\nSee logs for module's activities in `MAGENTO_ROOT/var/log/fl32.botsess.log`.\n\n\n\n## User-Agents Analysis\nIf Magento saves sessions in DB then you can get list of user agents for active sessions after CLI cleanup:\n\n```shell script\n$ ./bin/magento fl32:botsess:clean\nCommand 'fl32:botsess:clean' is started.\n1: Mozilla/5.0 (Linux; Android 8.1.0; DRA-LX5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Mobile Safari/537.36\n...\n1583: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Safari/604.1\n2439: Re-re Studio (+http://2re.site/)\n9138: 1C+Enterprise/8.3\nTotal '50501' sessions are found in DB.\n'0' sessions are not defined as bot's.\n'0' sessions are deleted as bot's.\n'170' sessions are deleted as inactive users.\n'0' sessions have a failures during analyze.\n'50331' sessions are belong to active users.\nCommand 'fl32:botsess:clean' is executed.\n```\n\nSo, `2439: Re-re Studio (+http://2re.site/)` means that user agent named `Re-re Studio (+http://2re.site/)` was used in 2439 saved sessions. \n\n\n## Install\n```bash\n$ cd ${DIR_MAGE_ROOT}\n$ composer require flancer32/mage2_ext_bot_sess\n$ bin/magento module:enable Flancer32_BotSess\n$ bin/magento setup:upgrade\n$ bin/magento setup:di:compile\n$ bin/magento setup:static-content:deploy\n$ bin/magento cache:clean\n$ # set filesystem permissions to your files\n```\n\n\n\n## Uninstall\nYou need an authentication keys for `https://repo.magento.com/` to uninstall any Magento 2 module. Go to your [Magento](https://marketplace.magento.com/customer/accessKeys/) account, section (My Profile / Marketplace / Access Keys) and generate pair of keys to connect to Magento 2 repository. Then place composer authentication file `auth.json` besides your `composer.json` as described [here](https://getcomposer.org/doc/articles/http-basic-authentication.md) and put your authentication keys for `https://repo.magento.com/` into the authentication file:\n```json\n{\n  \"http-basic\": {\n    \"repo.magento.com\": {\n      \"username\": \"...\",\n      \"password\": \"...\"\n    }\n  }\n}\n```\n\nThen run these commands to completely uninstall `Flancer32_BotSess` module: \n```bash\n$ cd ${DIR_MAGE_ROOT}   \n$ bin/magento module:uninstall Flancer32_BotSess\n$ composer remove flancer32/mage2_ext_bot_sess\n$ bin/magento setup:upgrade\n$ bin/magento setup:di:compile\n$ bin/magento setup:static-content:deploy\n$ bin/magento cache:clean\n$ # set filesystem permissions to your files\n```\n\nBe patient, uninstall process (`bin/magento module:uninstall ...`) takes about 2-4 minutes. Remove `auth.json` file at the end:\n\n ```bash\n$ rm ./auth.json\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflancer32%2Fmage2_ext_bot_sess","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflancer32%2Fmage2_ext_bot_sess","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflancer32%2Fmage2_ext_bot_sess/lists"}