Posts: 2
Threads: 1
Joined: May 2021
Reputation:
0
Location: Sweden
05-04-2021, 11:53 AM
(This post was last modified: 05-05-2021, 04:46 AM by DavidF.)
Hi!
We use IntraWeb for both a web application and a backend for apps and other web applications, and we recently migrated to version 15.2.20 with Delphi 10.4.
Now sometimes this message shows up in the log:
"The browser you are using is different than the one that initiated the session."
On some servers it happens every time when we try to receive data using an app, and then the app cannot continue.
On other servers it happens occasionally with a standard IntraWeb application, but the end users do not seem to notice.
The only way we found to fix it is to turn off CheckSameUA.
The error seems to originate from the parts of the code that are not in the downloadable source code.
Any suggestions?
Kind regards, David
Posts: 1,136
Threads: 37
Joined: Mar 2018
Reputation:
30
Location: Limassol, Cyprus
This is not a bug, but a security feature. It is working as designed. This normally happens when there is a misconfigured proxy interfering, or when the user's connection is being attacked/intercepted, which is why IntraWeb does this. This has not changed from 14 to 15 and has been present for many versions.
Posts: 1,136
Threads: 37
Joined: Mar 2018
Reputation:
30
Location: Limassol, Cyprus
"Now sometimes this message shows up in the log"
Which log are you referring to?
Posts: 2,261
Threads: 196
Joined: Mar 2018
Reputation:
86
Location: Auckland, New Zealand
05-04-2021, 09:18 PM
(This post was last modified: 05-04-2021, 09:23 PM by Alexandre Machado.)
I'm not sure if I understand what exactly you mean by:
"On some servers it happens every time when we try to receive data using an app, and then the app cannot continue."
How are you receiving data? Are you exposing some URL as a content handler or something?
Some context: When the application starts, IntraWeb stores the IP and the hash code of the user agent string (the browser) which initiated the session. At each subsequent request IntraWeb can *optionally* compare the IP and the UA hash with the original ones. If something changed, it can *optionally* raise an exception and drop the session.
What you need to figure out is why the UA is changing between requests? Is it a legit scenario? If so, you should just turn off this feature (ServerController.SecurityOptions.CheckUA) or, if not, why is it happening?
Posts: 2
Threads: 1
Joined: May 2021
Reputation:
0
Location: Sweden
@kudzu:
"Which log are you referring to?"
- We use the TIWExceptionLogger
@Alexandre Machado:
"How are you receiving data?"
- We have an app that uses a TRESTRequest to retrieve data from an API via a content handler. The first request (when the app logs in) works, but the second (when the app retrieves data) fails with the aforementioned message. I will take your advice and check if the user agent of the TRESTRequest somehow changes.
Posts: 1
Threads: 0
Joined: Apr 2022
Reputation:
0
Location: France
I updated my application last Saturday (IW15.2.53 + Delphi 11.1 + CGDevtools); everything works fine with all browsers except Edge.
I tried with a standalone application on my PC and got the following result!
Can you help?
Error message: The browser you are using is different than the one that initiated the session.
Error details:
------------------------------------------------------------------------------------------------------------------------
Exception message : The browser you are using is different than the one that initiated the session.
Security check failed. Please restart the application.
Exception class : EIWSecurityException
Exception details : Session UA: / Request UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Edg/100.0.1185.50
Exception address : 007535A2
Exception Time : 2022-04-25 16:10:17.751
------------------------------------------------------------------------------------------------------------------------
Client IP address : 127.0.0.1
Request PathInfo : /
Request Method : POST
Request User Agent : Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Edg/100.0.1185.50
Cookies Count : 1
------------------------------------------------------------------------------------------------------------------------
[Stack trace is empty]
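
The session check described earlier in the thread (store the client IP and a hash of the User-Agent at session start, optionally compare them on each later request), as an added Python sketch that is not IntraWeb's code and not from any poster. The names `Session`, `validate`, `replay`, `check_ip` and `check_ua`, the choice of SHA-256, the handling of a missing header, and all sample traffic are assumptions made for the illustration.

```python
import hashlib

class SessionSecurityError(Exception):
    """A request does not match the fingerprint stored at session start."""

def ua_hash(user_agent):
    # A missing header is hashed like an empty string (assumption of this sketch).
    return hashlib.sha256((user_agent or "").encode("utf-8")).hexdigest()

class Session:
    def __init__(self, ip, user_agent, check_ip=False, check_ua=True):
        self.ip = ip
        self.ua_digest = ua_hash(user_agent)  # only the hash is kept
        self.check_ip = check_ip  # hypothetical switches for the two optional checks
        self.check_ua = check_ua

def validate(session, ip, user_agent):
    """Raise SessionSecurityError if an enabled check fails."""
    if session.check_ip and ip != session.ip:
        raise SessionSecurityError("client IP changed")
    if session.check_ua and ua_hash(user_agent) != session.ua_digest:
        raise SessionSecurityError("User-Agent changed")

def replay(requests, **options):
    """First (ip, ua) pair opens the session; return a verdict per later request."""
    ip0, ua0 = requests[0]
    session = Session(ip0, ua0, **options)
    verdicts = []
    for ip, ua in requests[1:]:
        try:
            validate(session, ip, ua)
            verdicts.append("ok")
        except SessionSecurityError as exc:
            verdicts.append(str(exc))
    return verdicts

# Constructed sample traffic (made-up addresses and User-Agent strings).
BROWSER = [("192.0.2.10", "ExampleBrowser/1.0"), ("192.0.2.10", "ExampleBrowser/1.0")]
# A client whose login and data requests carry different User-Agent values.
APP = [("192.0.2.10", "ExampleApp/1.0"), ("192.0.2.10", "ExampleHttpLib/3.2")]
# Session opened without a User-Agent, later request carries one.
EMPTY_FIRST = [("127.0.0.1", None), ("127.0.0.1", "ExampleBrowser/1.0")]

if __name__ == "__main__":
    for name, traffic in [("browser", BROWSER), ("app", APP), ("empty", EMPTY_FIRST)]:
        print(name, replay(traffic), replay(traffic, check_ua=False))
```

The `EMPTY_FIRST` case has the same shape as the exception report above, where the stored session UA is empty and the request UA is not; the thread does not establish why IntraWeb stored an empty value there.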