Hi.
I am trying to develop a login script whose security partially relies on USER_AGENT consistency from request to request. Recently I've discovered that people use applications that cycle through a list of proxies every N minutes/seconds to stay anonymous. Logically my thinking is, this proxy jumping will affect USER_AGENT consistency but I cannot be sure as I started programming websites not too long ago.
Could someone confirm or deny my concerns?
Thanks a lot.
USER_AGENT consistency
Moderator: General Moderators
User agents can be changed. I like timvw suggestion for building a user fingerprint:
viewtopic.php?t=34468
Hope that helps.
viewtopic.php?t=34468
Hope that helps.
Re: USER_AGENT consistency
I can definitively confirm that the user agent cannot be counted on to be consistent through a session. AOL users, anonymization-service users, and even some national ISP proxies all can and do change the user agent inconsistently.mu-ziq wrote: Could someone confirm or deny my concerns?
IP's also cannot be relied upon.
The best you can hope for is establishing a session, and maintaining the session against the session cookie.