Session Invalidated. Session user agent...

Permalink
Users on my website keep getting this error when they are logging in:

Session Invalidated. Session user agent "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" did not match provided agent "Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1"

Any ideas on reducing this? It's happening quite a bit and I have had some feedback that it's a bit frustrating.

drumrby
View Replies:
weyboat replied on at Permalink Reply
weyboat
I suspect this is caused by users logging in with an Apple iPhone with IOS 11.4 (the latest one) installed.
Take a look at concrete/config/devices.php to see a list of user agents..
You may need to update it by adding this new user agent code
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1

Some useful info here..
https://developers.whatismybrowser.com/useragents/parse/697853-safar...
drumrby replied on at Permalink Reply
drumrby
Thank you for your prompt response!

So would I just add an additional "agent" line on each of those devices, or would I modify the existing "agent" line?
weyboat replied on at Permalink Reply
weyboat
I think the 'Core' team would need to look at this and so I would post the link to this forum page in the 'Dev' channel on Slack.
A3020 replied on at Permalink Reply
A3020
If you are willing to make your instance less secure, you could 'solve' it by disabling invalidation via the config.

<?php
return [
    'security' => [
        'session' => [
            'invalidate_on_user_agent_mismatch' => false,
        ],
    ],
];


(can be added / merged to /application/config/generated_overrides/concrete.php)
weyboat replied on at Permalink Reply
weyboat
Or..
If your theme is fully responsive, turn off the Mobile Theme Switcher.
This will stop the devices.php looking for user-agent data.
jero replied on at Permalink Reply
jero
I'm seeing this with a site I've just built in 5.8.4.3

This time the user is using a Mac which seems to randomly drop parts of its user agent string

Session Invalidated. Session user agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15" did not match provided agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.1 Safari/605.1.15"

Note Version/12.0.1 != Version/12.0

As A3020 points out, you can override it, but it should be done in application/config/concrete.php which may need to be added if it doesn't exist.