PHPackages                             flancer32/mage2\_ext\_bot\_sess - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. flancer32/mage2\_ext\_bot\_sess

ActiveMagento2-module[Security](/categories/security)

flancer32/mage2\_ext\_bot\_sess
===============================

Magento2: prevent session creation for bots &amp; crawlers.

0.1.6(6y ago)2212.2k↓26.2%3GPL-3.0-onlyPHP

Since Feb 17Pushed 2y ago4 watchersCompare

[ Source](https://github.com/flancer32/mage2_ext_bot_sess)[ Packagist](https://packagist.org/packages/flancer32/mage2_ext_bot_sess)[ Docs](https://github.com/flancer32/mage2_ext_bot_sess)[ RSS](/packages/flancer32-mage2-ext-bot-sess/feed)WikiDiscussions master Synced yesterday

READMEChangelog (7)DependenciesVersions (9)Used By (0)

Magento2: prevent session creation for search engines bots/crawlers and clean up expired sessions for humans
============================================================================================================

[](#magento2-prevent-session-creation-for-search-engines-botscrawlers-and-clean-up-expired-sessions-for-humans)

There is a [problem](https://magento.stackexchange.com/questions/18276/magento-generating-aprox-20-session-files-per-minute) with search engines bots and crawlers in Magento - new session is created for each request from the bots. So, there are a lot of "dead" sessions in sessions storage when any bot scans Magento pages - each page request creates a new session. This module [prevents](https://github.com/flancer32/mage2_ext_bot_sess/blob/master/Plugin/Session/SessionManager.php#L27) session creation for search engines bots and crawlers.

Another problem is that Magento does not clean up user's expired sessions if sessions are stored in DB. This module [does it](https://github.com/flancer32/mage2_ext_bot_sess/blob/master/Service/Clean.php#L125).

- [Configuration](#configuration)
- [Prevent the Sessions Creation](#prevent-the-sessions-creation)
- [Sessions Cleanup](#sessions-cleanup)
    - [DB Sessions](#db-sessions)
    - [Filesystem Sessions](#filesystem-sessions)
- [Logging](#logging)
- [User-Agents Analysis](#user-agents-analysis)
- [Install](#install)
- [Uninstall](#uninstall)

Configuration
-------------

[](#configuration)

Go to `Stores / Configuration / General / Web / Bots Sessions Settings`:

[![Configuration](./docs/img/config.png "Configuration")](./docs/img/config.png)

- **Bots Signatures**: All parts will be concatenated into one regex "/^alexa|^blitz.io|...|yandex/i" to lookup for the bots.
- **Bots Sessions Max Lifetime**: note, that Magento cron runs clean up job [every hour](./etc/crontab.xml).

Prevent the Sessions Creation
-----------------------------

[](#prevent-the-sessions-creation)

This activity is independent of session storage (redis, db, files, ...) and available immediately after installation. Magento will not create new session if `User-Agent` HTTP header of the visitor will be filtered with `Bots Signatures` configuration option.

Sessions Cleanup
----------------

[](#sessions-cleanup)

Users sessions can be [stored](https://devdocs.magento.com/guides/v2.3/config-guide/prod/config-reference-envphp.html#session) in [Redis](https://devdocs.magento.com/guides/v2.3/config-guide/redis/redis-session.html), in DB or as [files](https://devdocs.magento.com/guides/v2.3/config-guide/sessions.html).

This module cleans up only sessions saved in DB or filesystem.

### DB Sessions

[](#db-sessions)

Magento saves own sessions in DB (`./app/etc/env.php`):

```
['session' =>
  [
    'save' => 'db',
  ]
];
```

Console command to clean up bot's existing sessions &amp; user's expired sessions from DB:

```
$ ./bin/magento fl32:botsess:clean
```

### Filesystem Sessions

[](#filesystem-sessions)

Magento saves own sessions in filesystem (`./app/etc/env.php`):

```
['session' =>
  [
    'save' => 'files',
  ]
];
```

PHP garbage collector cleans up the sessions (see `session.gc_maxlifetime`). Magento in this mode cannot control sessions lifetime. Use this route to clean up files sessions for inactive users: `http://your.shop.com/fl32botsess/clean/files` and [this](./etc/bin/root_cron_clean_files.sh) template to create shell-script for cron.

**This is bad solution for bad practice. Don't use files for Magento sessions at all.**

Logging
-------

[](#logging)

See logs for module's activities in `MAGENTO_ROOT/var/log/fl32.botsess.log`.

User-Agents Analysis
--------------------

[](#user-agents-analysis)

If Magento saves sessions in DB then you can get list of user agents for active sessions after CLI cleanup:

```
$ ./bin/magento fl32:botsess:clean
Command 'fl32:botsess:clean' is started.
1: Mozilla/5.0 (Linux; Android 8.1.0; DRA-LX5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Mobile Safari/537.36
...
1583: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Safari/604.1
2439: Re-re Studio (+http://2re.site/)
9138: 1C+Enterprise/8.3
Total '50501' sessions are found in DB.
'0' sessions are not defined as bot's.
'0' sessions are deleted as bot's.
'170' sessions are deleted as inactive users.
'0' sessions have a failures during analyze.
'50331' sessions are belong to active users.
Command 'fl32:botsess:clean' is executed.
```

So, `2439: Re-re Studio (+http://2re.site/)` means that user agent named `Re-re Studio (+http://2re.site/)` was used in 2439 saved sessions.

Install
-------

[](#install)

```
$ cd ${DIR_MAGE_ROOT}
$ composer require flancer32/mage2_ext_bot_sess
$ bin/magento module:enable Flancer32_BotSess
$ bin/magento setup:upgrade
$ bin/magento setup:di:compile
$ bin/magento setup:static-content:deploy
$ bin/magento cache:clean
$ # set filesystem permissions to your files
```

Uninstall
---------

[](#uninstall)

You need an authentication keys for `https://repo.magento.com/` to uninstall any Magento 2 module. Go to your [Magento](https://marketplace.magento.com/customer/accessKeys/) account, section (My Profile / Marketplace / Access Keys) and generate pair of keys to connect to Magento 2 repository. Then place composer authentication file `auth.json` besides your `composer.json` as described [here](https://getcomposer.org/doc/articles/http-basic-authentication.md) and put your authentication keys for `https://repo.magento.com/` into the authentication file:

```
{
  "http-basic": {
    "repo.magento.com": {
      "username": "...",
      "password": "..."
    }
  }
}
```

Then run these commands to completely uninstall `Flancer32_BotSess` module:

```
$ cd ${DIR_MAGE_ROOT}
$ bin/magento module:uninstall Flancer32_BotSess
$ composer remove flancer32/mage2_ext_bot_sess
$ bin/magento setup:upgrade
$ bin/magento setup:di:compile
$ bin/magento setup:static-content:deploy
$ bin/magento cache:clean
$ # set filesystem permissions to your files
```

Be patient, uninstall process (`bin/magento module:uninstall ...`) takes about 2-4 minutes. Remove `auth.json` file at the end:

```
$ rm ./auth.json
```

###  Health Score

35

—

LowBetter than 77% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity34

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 90.6% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~138 days

Recently: every ~195 days

Total

7

Last Release

2229d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/6083415?v=4)[F. Lancer, SIA](/maintainers/flancer32)[@flancer32](https://github.com/flancer32)

---

Top Contributors

[![flancer64](https://avatars.githubusercontent.com/u/5052385?v=4)](https://github.com/flancer64 "flancer64 (29 commits)")[![clivewalkden](https://avatars.githubusercontent.com/u/1225802?v=4)](https://github.com/clivewalkden "clivewalkden (3 commits)")

### Embed Badge

![Health badge](/badges/flancer32-mage2-ext-bot-sess/health.svg)

```
[![Health](https://phpackages.com/badges/flancer32-mage2-ext-bot-sess/health.svg)](https://phpackages.com/packages/flancer32-mage2-ext-bot-sess)
```

###  Alternatives

[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k18.7M143](/packages/mews-purifier)[paragonie/ecc

PHP Elliptic Curve Cryptography library

24820.0k37](/packages/paragonie-ecc)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
