The browser you are using is different than the one that initiated the session.
#1
Hi!
We use IntraWeb for both a web application and a backend for apps and other web applications, and we recently migrated to version 15.2.20 with Delphi 10.4.

Now sometimes this message shows up in the log:

"The browser you are using is different than the one that initiated the session."

On some servers it happens every time when we try to receive data using an app, and then the app cannot continue.
On other servers it happens occasionally with a standard IntraWeb application, but the end users do not seem to notice.

The only way we found to fix it is to turn off CheckSameUA.

The error seems to originate from the parts of the code that are not in the downloadable source code.

Any suggestions?

Kind regards, David
Reply
#2
This is not a bug, but a security feature. It is working as designed. This happens normally when there is a misconfigured proxy interfering, or when the user's connection is being attacked/intercepted, which is why IntraWeb does this. This has not changed from 14 to 15 and has been present for many versions.
Reply
#3
"Now sometimes this message shows up in the log"

Which log are you referring to?
Reply
#4
I'm not sure if I understand what exactly you mean by:

"On some servers it happens every time when we try to receive data using an app, and then the app cannot continue."

How are you receiving data? Are you exposing some URL as a content handler or something?

Some context: When the application starts, IntraWeb stores the IP and the hash code of the user agent string (the browser) which initiated the session. At each subsequent request IntraWeb can *optionally* compare the IP and the UA hash with the original ones. If something changed, it can *optionally* raise an exception and drop the session.

What you need to figure out is why the UA is changing between requests? Is it a legit scenario? If so, you should just turn off this feature (ServerController.SecurityOptions.CheckUA) or, if not, why is it happening?
Reply
#5
@kudzu:
"Which log are you referring to?"
- We use the TIWExceptionLogger

@Alexandre Machado:
"How are you receiving data?"
- We have an app that uses a TRESTRequest to retrieve data from an API via a content handler. The first request (when the app logs in) works, but the second (when the app retrieves data) fails with the aforementioned message. I will take your advice and check if the user agent of the TRESTRequest somehow changes.
Reply
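
The check described in post #4 and the failure reported in post #5, modelled as an added Python sketch; it is not IntraWeb code and not part of any post. `SessionStore`, its `check_ua`/`check_ip` switches, the use of SHA-256 and the sample client names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SessionBindingError(Exception):
    """Raised when a request does not match the client that opened the session."""


def _ua_hash(user_agent: str) -> bytes:
    # Keep a hash of the User-Agent string, not the string itself.
    return hashlib.sha256(user_agent.encode("utf-8")).digest()


class SessionStore:
    def __init__(self, check_ua: bool = True, check_ip: bool = False):
        self.check_ua = check_ua  # hypothetical switches standing in for the
        self.check_ip = check_ip  # optional checks described in the thread
        self._sessions = {}

    def start(self, ip: str, user_agent: str) -> str:
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = (ip, _ua_hash(user_agent))
        return sid

    def validate(self, sid: str, ip: str, user_agent: str) -> None:
        if sid not in self._sessions:
            raise SessionBindingError("unknown or terminated session")
        bound_ip, bound_ua = self._sessions[sid]
        ua_ok = hmac.compare_digest(bound_ua, _ua_hash(user_agent))
        if (self.check_ua and not ua_ok) or (self.check_ip and bound_ip != ip):
            del self._sessions[sid]  # a mismatch drops the whole session
            raise SessionBindingError("client differs from session initiator")


def replay(store, requests):
    """Send (ip, user_agent) pairs through one session; return each outcome."""
    sid = store.start(*requests[0])
    outcomes = ["started"]
    for ip, ua in requests[1:]:
        try:
            store.validate(sid, ip, ua)
            outcomes.append("ok")
        except SessionBindingError as exc:
            outcomes.append(str(exc))
    return outcomes


# Constructed sample: login, a data call with a different User-Agent, a retry.
SAMPLE = [("203.0.113.7", "ExampleApp/1.0"),
          ("203.0.113.7", "ExampleHttpLib/2.0"),
          ("203.0.113.7", "ExampleApp/1.0")]
```

With the User-Agent check on, the second request is rejected and the retry fails too because the session is already gone; with it off, all three requests pass.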

