I am using user-agent validation on the session. If the user-agent changes, we delete the session.
But I am facing a problem with IE9 and the Google OAuth redirect.
When IE9 hits our site, IE has a valid IE9 user-agent.
So the user-agent is
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
but after the redirect the user-agent becomes
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
so my logic for session validation fails in this case.
Is there any way to force IE9 to fall back to the IE9 user-agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Adding a user agent check doesn’t make your session more secure. There is no condition in which an attacker will have a session id and not have a user-agent. Your security system is identical to this:
http://domain/?is_hacker=No. If you want to make your session more secure you should enable the cookie security flags and remove this bullshit check.
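As an added example (not code from the question or the answer above), the following Python shows the cookie security flags the answer refers to: it emits a Set-Cookie value for the session id with Secure, HttpOnly and SameSite set, shows the weak configuration with no flags beside it, and includes a small checker that reports which flags a Set-Cookie value is missing. The cookie name `sid` and the helper names are assumptions; only the standard library is used.

```python
# Added example, not from the original post: session cookie hardening.
import secrets
from http.cookies import SimpleCookie

# Attributes every session cookie should carry (lower-cased for comparison).
REQUIRED_FLAGS = ("secure", "httponly", "samesite")


def new_session_id() -> str:
    """Random, unguessable session id (256 bits from the OS CSPRNG)."""
    return secrets.token_urlsafe(32)


def build_session_cookie(session_id: str, name: str = "sid", hardened: bool = True) -> str:
    """Return a Set-Cookie header value for the session id.

    hardened=False reproduces the weak configuration (no security flags);
    hardened=True adds Secure, HttpOnly and SameSite=Lax.
    """
    cookie = SimpleCookie()
    cookie[name] = session_id
    cookie[name]["path"] = "/"
    if hardened:
        cookie[name]["secure"] = True     # only sent over TLS
        cookie[name]["httponly"] = True   # not readable by page scripts
        cookie[name]["samesite"] = "Lax"  # not attached to cross-site POSTs
    return cookie[name].OutputString()


def missing_flags(set_cookie_value: str) -> list:
    """List the required security attributes absent from a Set-Cookie value.

    Attribute names are compared case-insensitively, as browsers do.
    """
    parts = set_cookie_value.split(";")[1:]  # skip the name=value pair itself
    present = {p.strip().split("=", 1)[0].lower() for p in parts if p.strip()}
    return [flag for flag in REQUIRED_FLAGS if flag not in present]


if __name__ == "__main__":
    sid = new_session_id()
    weak = build_session_cookie(sid, hardened=False)
    strong = build_session_cookie(sid)
    print("weak:  ", weak, "-> missing", missing_flags(weak))
    print("strong:", strong, "-> missing", missing_flags(strong))
```

SameSite=Lax rather than Strict is deliberate for the situation in the question: after a Google OAuth redirect the browser arrives back via a cross-site top-level navigation, and with SameSite=Strict the session cookie would not be sent on that request, so the user would land logged out.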