| HTTP USER AGENT problem
impermanent HTTP_USER_AGENT, changes on each click |
gcan
msg:4250624 | 10:46 am on Jan 8, 2011 (gmt 0) |
Hello,
I use HTTP_USER_AGENT information in session validation something like that
===============
$agent = getenv('HTTP_USER_AGENT');
$_SESSION['o']=md5($agent);
......
$agentnow = getenv('HTTP_USER_AGENT');
$agentnow=md5($agentnow);
if ($_SESSION['o'] != $agentnow) {
logout();
}
There are no problem with it. It works for all users but today I got a support request from one user that he can login but on the next click he is being logged out.
So, how is it possible that his HTTP_USER_AGENT information changes on each click?
Thanks.
|
alias
msg:4251318 | 2:41 pm on Jan 10, 2011 (gmt 0) |
Does he accept cookies?
|
gcan
msg:4251443 | 6:04 pm on Jan 10, 2011 (gmt 0) |
I don't know. I will check.
|
Matthew1980
msg:4251468 | 7:14 pm on Jan 10, 2011 (gmt 0) |
Hi all,
Whether I am reading this issue wrong or not, not sure, but a quick google reveals this [bugs.php.net].
You could use an alternative way to do login's and credential checks, I personally have never used getenv() before, but that's not to say it doesn't function, it could be to do with the way as the server is setup, which version of php is running and the OS too..
Simple way to check cookies would be to try and set one, and if the call returns false you can display a message asking the user to enable cookies, that's kinda how it's done on here when you first login, check, ok, set, continue.
A few options open to you..
Hope that makes sense.
Cheers,
MRb
|
|
|
