Comments on: Chrome Frame’s Shifty User-Agent http://blog.footle.org/2009/12/15/chrome-frames-shifty-user-agent/ (intr.v.) 1. To waste time; trifle. 2. To talk nonsense. (n.) Nonsense; foolishness Mon, 10 May 2010 23:21:51 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Lawrence http://blog.footle.org/2009/12/15/chrome-frames-shifty-user-agent/comment-page-1/#comment-1247 Lawrence Wed, 24 Mar 2010 20:47:46 +0000 http://blog.footle.org/?p=120#comment-1247 Hi Brad, we've run into the same issue. Like you we also invalidate sessions when the user agent changes and this behavior from Chrome Frame seems to be causing problems for our users too. We'll probably have to do what you did as well -- strip the chromeframe part off the user agent string before comparing it. We've also run into a similar problem with IE8 -- it can change it's behavior mid-session and switch over into "IE7 compatibility mode". When it does that, the UA string switches to MSIE/7.x from MSIE/8.x. As we'll do with the chromeframe issue, our solution was to modify the user agent string before doing the check -- masking out the version number in IE user agent strings to end up with MSIE/#.# no matter whether it is 7 or 8. Like you I wonder if this security measure is even worth doing still. ---Lawrence Hi Brad, we’ve run into the same issue. Like you we also invalidate sessions when the user agent changes and this behavior from Chrome Frame seems to be causing problems for our users too. We’ll probably have to do what you did as well — strip the chromeframe part off the user agent string before comparing it.

We’ve also run into a similar problem with IE8 — it can change it’s behavior mid-session and switch over into “IE7 compatibility mode”. When it does that, the UA string switches to MSIE/7.x from MSIE/8.x. As we’ll do with the chromeframe issue, our solution was to modify the user agent string before doing the check — masking out the version number in IE user agent strings to end up with MSIE/#.# no matter whether it is 7 or 8.

Like you I wonder if this security measure is even worth doing still.

—Lawrence

]]>