[Tickets #3282] NEW: logouts due to browser string changes.

bugs@bugs.horde.org
Tue Jan 17 11:04:41 PST 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=3282
-----------------------------------------------------------------------
 Ticket             | 3282
 Created By         | mike.ryan at tufts.edu
 Summary            | logouts due to browser string changes.
 Queue              | Horde Framework Packages
 Version            | HEAD
 State              | New
 Priority           | 1. Low
 Type               | Enhancement
 Owners             | 
-----------------------------------------------------------------------


mike.ryan at tufts.edu (2006-01-17 11:04) wrote:

we're using horde 3.0.5, imp 4.0.4, turba 2.0.4, and ingo 1.0.2 for webmail,
and running into a variety of cases where users are logged out prematurely.

we've tracked some of these to AUTH_REASON_BROWSER logouts -- there seem to
be quite a few browsers out there that can change their User-Agent strings
in the middle of a session.  a few examples:

1) netscape 8 sometimes switches rendering engines in the middle of a
session, and sends a different User-Agent string depending on which
rendering engine it's using, e.g. "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1; .NET CLR 1.1.4322) Netscape/8.0.4" or "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012
Netscape/8.0.4".

2) safari appears to occasionally switch from a full User-Agent string such
as "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML,
like Gecko) Safari/312.5" to "CFNetwork/1.1".

3) a browser identifying itself as "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1; .NET CLR 1.1.4322; MSN 9.0;MSN 9.1; MSNbVZ02;
MSNmen-us; MSNcOTH; MPLUS)" sometimes has an extra space before "MSN 9.0".

4) a browser identifying itself as "Mozilla/4.0 (compatible; MSIE 6.0;
Windows 98; MSN 6.1; MSNbMSFT; MSNmen-us; MSNc11; v5m)" occasionally
substitutes "MSNczz" for "MSNc11".

i suspect we'll wind up turning off AUTH_REASON_BROWSER entirely -- trying
to keep up with browser quirks of this sort seems like more trouble than
it's worth.
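
An added example (not part of the ticket and not Horde's code): it replays the four User-Agent changes reported above through an exact-match session check and a whitespace-normalizing one. The function names are hypothetical, the exact-match behaviour is an assumption about how such a check works, and the changed strings for cases 3 and 4 are constructed from the ticket's description.

```php
<?php
// Added example: replays the User-Agent changes quoted in the ticket through
// two hypothetical session-binding checks (names are illustrative only).

// Assumed behaviour behind a browser-mismatch logout: exact string comparison.
function uaStrictMatch(string $stored, string $current): bool
{
    return hash_equals($stored, $current);
}

// Collapse whitespace runs and drop whitespace after ';' before comparing.
function uaNormalize(string $ua): string
{
    $ua = preg_replace('/\s+/', ' ', trim($ua));
    return preg_replace('/;\s*/', ';', $ua);
}

function uaNormalizedMatch(string $stored, string $current): bool
{
    return hash_equals(uaNormalize($stored), uaNormalize($current));
}

$msn9 = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; MSN 9.0;MSN 9.1; MSNbVZ02; MSNmen-us; MSNcOTH; MPLUS)';
$msn6 = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; MSN 6.1; MSNbMSFT; MSNmen-us; MSNc11; v5m)';

// Each entry: [string stored at login, string seen later in the session].
// The "later" strings for cases 3 and 4 are constructed from the ticket text.
$pairs = [
    '1 netscape engine switch' => [
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Netscape/8.0.4',
        'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4',
    ],
    '2 safari -> CFNetwork' => [
        'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5',
        'CFNetwork/1.1',
    ],
    '3 extra space' => [$msn9, str_replace('; MSN 9.0', ';  MSN 9.0', $msn9)],
    '4 MSNc11 -> MSNczz' => [$msn6, str_replace('MSNc11', 'MSNczz', $msn6)],
];

foreach ($pairs as $label => [$stored, $current]) {
    printf(
        "%-26s strict=%-7s normalized=%s\n",
        $label,
        uaStrictMatch($stored, $current) ? 'ok' : 'logout',
        uaNormalizedMatch($stored, $current) ? 'ok' : 'logout'
    );
}
```

Only case 3 passes the normalized check; cases 1, 2 and 4 are different strings, so whitespace normalization cannot reconcile them.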



