I have code as follows to make a session more secure through the use of an MD5 of the UA and a seed.
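    // First request in this session: store the UA-derived key.
    if (!isset($_SESSION['key']))
    {
        $_SESSION['key'] = md5($_SERVER['HTTP_USER_AGENT'] . $UA_SEED);
        $session_is_valid = TRUE;
    }
    // Later requests: the key must match the current UA.
    // Strict comparison avoids PHP's loose-comparison type juggling on hash strings.
    else if ($_SESSION['key'] !== md5($_SERVER['HTTP_USER_AGENT'] . $UA_SEED))
    {
        $session_is_valid = FALSE;
        exit;
    }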
The code works fine but IE9 has an agenda of its own. When accessing my website directly by typing in the URL, the UA is sent as
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
If I access it through a link from another website, the UA is sent as
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Is there any workaround to this? Other browsers do no such shenanigans.
P.S. I understand that this added form of “security” is limited but something is better than nothing.
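An added example, not part of the original question or its answers: both UA strings quoted above carry the same `Trident/5.0` and `Windows NT 6.1` tokens, so one way to keep the check stable across IE's two modes is to key the session on those tokens instead of the whole string. The function names, the HMAC-SHA256 construction and the seed value are assumptions made for this sketch.

```php
<?php
// Added example; all function names here are hypothetical.

// Reduce a User-Agent to the tokens that stay the same when IE switches
// between its native and compatibility UA: engine and platform.
// Browsers without a Trident token keep their full string.
function stable_ua_tokens(string $ua): string
{
    if (preg_match('~Trident/\d+\.\d+~', $ua, $engine)) {
        preg_match('~Windows NT \d+\.\d+~', $ua, $platform);
        return $engine[0] . ';' . ($platform[0] ?? '');
    }
    return $ua;
}

// Keyed hash of the reduced UA; the seed plays the role of $UA_SEED.
function session_binding_key(string $ua, string $seed): string
{
    return hash_hmac('sha256', stable_ua_tokens($ua), $seed);
}

// Stores the key on first use, otherwise compares in constant time.
function session_ua_matches(array &$session, string $ua, string $seed): bool
{
    $expected = session_binding_key($ua, $seed);
    if (!isset($session['key'])) {
        $session['key'] = $expected;
        return true;
    }
    return hash_equals($session['key'], $expected);
}

$seed = 'constructed-sample-seed'; // constructed value for the demo
// The two IE9 strings from the question, plus a constructed Firefox string.
$compat = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)';
$native = 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)';
$other  = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0';

$session = []; // stands in for $_SESSION
var_dump(session_ua_matches($session, $compat, $seed)); // first request stores the key
var_dump(session_ua_matches($session, $native, $seed)); // same browser, other UA form
var_dump(session_ua_matches($session, $other, $seed));  // different browser
```

Reducing the string means any two IE9 clients on the same Windows version produce the same key, so the check only detects a change of browser engine or platform.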
From your strings, one is MSIE 7.0 and the other is MSIE 9.0. This blog post says that in IE9 and onwards, only the shorter UA string will be used (unless compatibility mode or version emulation using the F12 dev tools are used). So your issue most likely points to one of the following: