[eluser]caleblloyd[/eluser]
I agree that it is probably this version of IE8 falling back to compatibility mode that causes the UA to change. My web application goes through a series of redirects to pass session data across 2 domains so that the user is automatically authenticated upon getting to the second domain. It is possible that the version of IE8 I am using flips into compatibility mode upon 2 or more redirects within one page request.
I work in an office with ~15 computers with IE8 and can only recreate the bug on 1 of the computers. So it is very possible that this computer has a different minor version of IE8 with this bug and it got fixed in a later IE8 update.
In response to WanWizard-
Quote:Because it’s a security feature, and nobody has ever seen a browser that alters it’s UA string before?
I'd like to reiterate:
Quote:Most people that are capable of understanding how to steal a cookie over an unsecured connection are also capable of spoofing the user-agent quite easily, so I do not think this is a strong enough argument to call for always matching the user-agent.
One common unsecured cookie-stealing Firefox Extension, Firesheep, even has a checkbox to automatically match the UA, so this is an easily defeated "security feature".
And I have found other instances (I will admit, they are rare) of people running into the same IE bug that I have.
In response to Hoopoe-
Quote:so changing sess_match_useragent to FALSE will solve it ?
Yes, that fixes the problem.
