Managing your billable sessions, and ensuring that you have enough billable sessions in your license so that you will not be subject to overages, is a key element of administering the Oracle B2C Service application.   When you are assessing how many billable sessions you should purchase as an entitlement, you need to not only take into account how many users you expect to visit your site over the billing period, but also how you are going to configure the site.  Configuration considerations include:

1.  How do you want to use sitemap and robots.txt?  These configurations don't control how bots and crawlers interact with your site, but they do affect how easy it is for them to do so, and which are explicitly blocked or allowed.

2.  Should your site be available to the public internet at all?  If only users on a particular network should be able to get to your end user pages, you should use SEC_VALID_ENDUSER_HOSTS to restrict access only to that range.  It is also strongly recommended that if you have the ability to put the main content of your site behind a login, you do so.  This alone will dramatically restrict the availability of pages for bots, crawlers and other automated scripts to generate sessions.  If you choose not to restrict access to your site from the public internet, there is no system that can guarantee that every visitor to your site is a legitimate user/customer, and you should purchase your billable sessions entitlements with the understanding that you totals will include some degree of unattributable/automated sessions.  This is a fact of life for sites available to the public internet.

3.  Do you have integrations or customizations that might generate sessions?  Do you have call centers that might generate sessions?  You need to review your business to ensure that you aren't inadvertently generating sessions.  Common examples of this mistake are your own integrations (ex: external pages that load Customer Portal assets), or agents using your Customer Portal knowledge base as a reference.  For the latter, tools that allow your agents to access knowledge documents through the Agent Browser UI are the preferred setup.  Another example is inappropriate usage of clickstreams actions -- do not put an inappropriate value into the error page's clickstreams action!  It will cause error page hits to generate sessions.

Keep an eye on the release notes for future product releases.  Our product development team is aware of the demand for the ability to influence/control billable session rates, and is constantly working to produce new features that will assist.

What do I do if I see a sessions issue?

Per the cloud services contract for Oracle B2C Service, Oracle will make best efforts to identify billable sessions.  As noted above, no system has a 100% sensitivity rate for identifying and blocking/discounting automated traffic.  If you see a spike in your billable sessions through either the Service Usage Metrics Dashboard or through the Sessions Alerting Tool, the first thing you should do is wait 7 days from the date of the event.  There are scripts that actively attempt to clean up traffic that is clearly automated, which may take up to 7 days to execute.  If you continue to see the traffic in your reporting after 7 days, you are welcome to Submit a Service Request.  

When submitting a service request, please keep in mind that manual review of your billable sessions can only be done at a very high level.  Large amounts of traffic from a single IP, IP range, or user agent, can often be diagnosed.  However, it is often impossible to diagnose the source or intent of handfuls of sessions from a wide distribution of IP addresses.  As a best practice, such traffic should be accepted as normal traffic experienced by sites available to the public internet, and when purchasing sessions entitlements they should be calculated to take into account some level of such traffic.

For more information on Sessions, Session Management, and entitlements, please see this answer.