View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002909||OXID eShop (all versions)||4.02. Session handling||public||2011-05-19 18:31||2011-06-30 16:32|
|Status||resolved||Resolution||no change required|
|Product Version||4.5.0 revision 34568|
|Target Version||Fixed in Version|
|Summary||0002909: Session will be destroyed as soon as changes the user agent!|
|Description||The session will be destroyed when a call is made under the same session ID but different user agent.|
Sequence: Basket-content, current login, etc. are lost.
|Steps To Reproduce||1st Creating a session (Log in or create an item in the shopping cart)|
2nd Change in the browser user-agent
|Additional Information||Solution: _checkUserAgent remove () from oxSession.|
|Tags||No tags attached.|
The procedure to destroy the session if user agent changes causes some problems with antivirus tools like trend micro, which make a request to each site to detect drive by infections. Therefore, the user agent check should be improved or removed.
||@developers: check from source code side if such issue still exist|
||That is very annoying because FirePHP extends the user agent automatically and therefore session is resetted.|
Reminder sent to: webstube
Such behavior (like dropping the session if user agent is changed) was planned as an additional security check. It helps to deny access to confidential data (orders, accounts, etc.) in case if session was stolen by some third party user. Checking the change of browser agent is one ways to detect such illegal case.