| Matching the User-Agent in the Session Class |
[eluser]WanWizard[/eluser]
Think I've found the issue at hand, thanks due to some debugging of another "sufferer". See http://ellislab.com/forums/viewthread/191097/.
[eluser]InsiteFX[/eluser]
This is the line in the Session Class: Code: // Does the User Agent Match?InsiteFX
[eluser]WanWizard[/eluser]
It should be removed all together. If the database column is defined big enough (i.e. TEXT instead of VARCHAR), no substr() is needed...
[eluser]caleblloyd[/eluser]
I agree that it is probably this version of IE8 falling back to compatibility mode that causes the UA to change. My web application goes through a series of redirects to pass session data across 2 domains so that the user is automatically authenticated upon getting to the second domain. It is possible that the version of IE8 I am using flips into compatibility mode upon 2 or more redirects within one page request. I work in an office with ~15 computers with IE8 and can only recreate the bug on 1 of the computers. So it is very possible that this computer has a different minor version of IE8 with this bug and it got fixed in a later IE8 update. In response to WanWizard- Quote:Because it’s a security feature, and nobody has ever seen a browser that alters it’s UA string before? I'd like to reiterate: Quote:Most people that are capable of understanding how to steal a cookie over an unsecured connection are also capable of spoofing the user-agent quite easily, so I do not think this is a strong enough argument to call for always matching the user-agent. One common unsecured cookie-stealing Firefox Extension, Firesheep, even has a checkbox to automatically match the UA, so this is an easily defeated "security feature". And I have found other instances (I will admit, they are rare) of people running into the same IE bug that I have. In response to Hoopoe- Quote:so changing sess_match_useragent to FALSE will solve it ? Yes, that fixes the problem.
[eluser]InsiteFX[/eluser]
@WanWizard, IE can change the user agent depending on a meta tag for backwards compatibility using a UA tag I can tell it to use IE7 IE8 or run standard with IE9! Some web sites set this meta tag, the user can also change this in the browser. InsiteFX
[eluser]WanWizard[/eluser]
Ah, that is great.  But still, for any given site it should always be the same (if triggered by a meta tag), so related to sessions it shouldn't be an issue.
[eluser]mahni1390[/eluser]
;-) You do know that the user_agent field in the session table has been changed! You didn’t happen to jump between IE8 and compatibility mode did you? I can only recreate this bug in IE 8, and specifically on an XP SP3 machine so it is likely the minor version of IE 8 on this computer. But other users of my website have had this problem in IE before, which brings me back to my original question [url="http://www.parscanada.com"]مهاجرت به کانادا[/url]
[eluser]InsiteFX[/eluser]
@WanWizard, Yes it should be, but there's one problem with this and that is that the user can also change it on the fly in their browser. Plus IE9 now has a compatibility mode that will also change it. IF your checking for IE the only thing you really need to check is MSIE version! All IE browser return MSIE version. InsiteFX
[eluser]renju[/eluser]
Webpage error details User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727) Timestamp: Fri, 1 Jul 2011 09:52:24 UTC Message: Object expected Line: 251 Char: 1 Code: 0 URI: http://localhost/donaldson_toolbox/cross...ce/index/1 Showing error in ie7. I changed $config['sess_match_useragent'] = FALSE; but no effect. please sent have any clue to resolve the issue?
[eluser]osci[/eluser]
[quote author="renju" date="1309532503"]Webpage error details User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727) Timestamp: Fri, 1 Jul 2011 09:52:24 UTC Message: Object expected Line: 251 Char: 1 Code: 0 URI: http://localhost/donaldson_toolbox/cross...ce/index/1 Showing error in ie7. I changed $config['sess_match_useragent'] = FALSE; but no effect. please sent have any clue to resolve the issue?[/quote] Object expected is your error. I would check line 251, or 250 since I see char:1. What you are passing is either mistyped, not an object or not initiated (loaded). |
| Welcome Guest, Not a member yet? Register Sign In |
MENU
EXTRA MENU
ABOUT US
CodeIgniter is a powerful PHP framework with a very small footprint, built for developers who need a simple and elegant toolkit to create full-featured web applications.
