I've got a new hook that logs my php and mysql errors, then emails them to me every ten minutes. It's only been in place for the last 12 hours, and I'm seeing Baiduspider causing some errors, but not sure what is going on. Take a look at the log entry:
Code:
THIS IS THE PHP ERROR WITH REQUEST HEADERS SHOWING BAIDUSPIDER:
#----
Request URI: /just-some-page
Request headers:
Host = example.com
User-Agent = Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
Accept-Language = en-US
Accept = */*
Cookie = ci_session=fd13b9c5b8c8556eebefb8c8a6e7ed29abdacfc7;
#---
PHP WARNING #2 - Date/Time: 5/21/2016 08:33:19
File: /home/skunkbad/public_html/example.com/ci/system/core/Common.php
Line: 573
Message: Cannot modify header information - headers already sent by (output started at /home/skunkbad/public_html/example.com/ci/system/core/Output.php:528)
Error Count: 1
#--
THIS IS THE ASSOCIATED MYSQL ERROR:
Error Number: 1062
Duplicate entry 'fd13b9c5b8c8556eebefb8c8a6e7ed29abdacfc7' for key 'PRIMARY'
INSERT INTO `ci_sessions` (`id`, `ip_address`, `timestamp`, `data`) VALUES ('fd13b9c5b8c8556eebefb8c8a6e7ed29abdacfc7', '180.76.15.33', 1463844799, '__ci_last_regenerate|i:1463844798;')
Filename: libraries/Session/drivers/Session_database_driver.php
Line Number: 233
Now, I know in my application code that nowhere am I just blindly allowing people to supply their own session IDs, and entering them into the database as a valid session ID, so I'm wondering if this is the way CI sessions is supposed to work? In the header it appears that Baiduspider is supplying a session ID, but in the MySQL error it looks like the session already exists and is expired. In a normal browser the expired session would be dropped, and this problem wouldn't exist, but why does CI blindly want to enter the session into the sessions table?
In the database I see the session with matching Id, and it has a timestamp a second or two before these errors: 1463844797
Enlighten me ....
