Hello,
I have a web application in the cloud which recently encountered unexpected security blocks due to user agent variations during a user's valid session. When we monitored the server's log, we found the following:
1) The user logged in from IE and supplied the following UAS:
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/7.0)
2) At a certain point of their request, the UAS changed to:
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
I have had a look in the documentation about platform, rendering engine versions here:
https://msdn.microsoft.com/en-us/library/ms537503.aspx
After reading through this, I am not sure how this is making any sense. By your documentation it seems to suggest that:
1) The user's PC is originally on Windows 7 (64-bit) but using Internet Explorer 10 (32-bit version) with Trident 7.0 Engine.
2) At a totally random point of their session on the website, the browser is now identifying itself as IE11 since it's supplying the rv:11.0 token. Also, "like Gecko" seems to suggest that the IE11 behaviour is being promoted?
Please note that IE is the only browser that radically changes this User Agent String as such. No other browser currently does that during a web login session. The only exception is the Firefox version upgrade scenario, which triggers a "Playback" of your login sessions on the last opened tabs. However, if the user closes and reopens the browser to log back in, the problem doesn't occur.
I believe this has nothing to do with feature detection and can send misleading/false security warnings to a lot of firewalls/applications. Unless this is a documented behaviour (in which case, please point me in the right direction), why does this happen?
Kindest Regards,
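
One way a server-side session check could tolerate the change described in the post, as an added example that is not part of the original post: it compares the Trident engine, platform and architecture tokens, which are identical in both quoted strings, instead of the full string. The function names and the three result labels are hypothetical.

```python
import re

# Constructed sample input: the two User-Agent strings quoted in the post.
UA_LOGIN = "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/7.0)"
UA_LATER = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

_TRIDENT = re.compile(r"\bTrident/(\d+)\.\d+")
_PLATFORM = re.compile(r"\bWindows NT \d+\.\d+")
_ARCH = re.compile(r"\b(WOW64|Win64)\b")


def ua_fingerprint(ua):
    """Reduce a UA string to the tokens that stay the same in both quoted strings.

    Trident browsers: (family, engine major version, platform, architecture).
    Anything else: the raw string, so other browsers are still compared strictly.
    """
    trident = _TRIDENT.search(ua)
    if not trident:
        return ("raw", ua.strip())
    platform = _PLATFORM.search(ua)
    arch = _ARCH.search(ua)
    return (
        "trident",
        trident.group(1),
        platform.group(0) if platform else None,
        arch.group(1) if arch else None,
    )


def check_session_ua(bound_ua, request_ua):
    """Compare the UA stored at login with the UA on a later request.

    Returns 'ok' (identical), 'mode_switch' (same engine, platform and
    architecture but different MSIE/rv tokens: log it, do not block) or
    'mismatch' (treat as a changed client).
    """
    if bound_ua == request_ua:
        return "ok"
    if ua_fingerprint(bound_ua) == ua_fingerprint(request_ua):
        return "mode_switch"
    return "mismatch"


if __name__ == "__main__":
    print(check_session_ua(UA_LOGIN, UA_LATER))
```

The User-Agent header is supplied by the client, so this comparison is a consistency signal alongside the session token, not an authenticator.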