Hello! I log into my server from the browser and in the request comes information about the user agent like this:

"Mozilla / 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome / 64.0.3282.186 Safari / 537.36"

How to determine the real browser from this information, I can not understand. Of course, I know which browser I come from myself, but what if this is a user from the network? What are the ways to determine the real browser (and other agents), without recourse to third-party online services with each request? It is necessary to collect statistics and protect against theft of sessions.

  • This user-agent can be changed in two accounts, you should not build a defense on it - Vladimir Martyanov
  • I will not build protection only on the user-agent. But nevertheless, it is suitable for statistics, usually few people replace. Well, the question is, what are the ways to determine the agent, in addition to reading the user-agent-header? - Alexander
  • There are no reliable ones; all data coming from the client is easily replaced. - Vladimir Martyanov
  • How then protect sessions? - Alexander
  • Do not let them leak, for example? - Vladimir Martyanov

0