View Issue Details

IDProjectCategoryView StatusLast Update
0002909OXID eShop (all versions)4.02. Session handlingpublic2011-06-30 16:32
Status resolvedResolutionno change required 
Product Version4.5.0 revision 34568 
Target VersionFixed in Version 
Summary0002909: Session will be destroyed as soon as changes the user agent!
DescriptionThe session will be destroyed when a call is made under the same session ID but different user agent.

Sequence: Basket-content, current login, etc. are lost.
Steps To Reproduce1st Creating a session (Log in or create an item in the shopping cart)
2nd Change in the browser user-agent
3rd Reload
Additional InformationSolution: _checkUserAgent remove () from oxSession.
TagsNo tags attached.
PHP Versionany
Database Versionany



2011-05-19 18:51

reporter   ~0004623

Last edited: 2011-05-19 18:51

View 2 revisions



2011-05-20 07:59

reporter   ~0004625

I translate:

The procedure to destroy the session if user agent changes causes some problems with antivirus tools like trend micro, which make a request to each site to detect drive by infections. Therefore, the user agent check should be improved or removed.


2011-05-20 09:39

reporter   ~0004629

@developers: check from source code side if such issue still exist


2011-05-24 12:52

reporter   ~0004655

That is very annoying because FirePHP extends the user agent automatically and therefore session is resetted.


2011-06-30 16:32

reporter   ~0004798

Reminder sent to: webstube


Such behavior (like dropping the session if user agent is changed) was planned as an additional security check. It helps to deny access to confidential data (orders, accounts, etc.) in case if session was stolen by some third party user. Checking the change of browser agent is one ways to detect such illegal case.

Best regards,