
Website visitors with same PHP session ID, same cookies, but different IPs and user agents, all within one second. What are they and how to stop them?

@Berryessa370

Posted in: #Cookie #Session #Spam

We've noticed an unusual and growing pattern in visits to our website.

When a user visits, we set a PHP session ID, set cookies, and record the user agent and IP.

What we've seen happening a lot recently is a visit from a user who has no PHP session ID and no cookies set by us. Then within the next second, we get multiple visits from different users who have:


- the same PHP session ID as the first visitor
- the same cookies as the first visitor
- IPs all different from each other (geolocation usually shows different countries for the different IPs)
- user_agents all different from each other (e.g., iPhone, Win7, tablet, Android, etc.)


In one second, we get 5-20 of these visits. Some have http_referer strings (usually Google pages of countries which correspond to the IP), some have nothing.

Then, we never see it again: not that PHP session ID, not the cookies we set, not the IPs.

For us, we never saw this until the last few months. It started slowly at the end of June 2014, and has now grown steadily to be very many.

We looked through these answers. We might be wrong, but they don't seem to apply to our situation:

- The same user from different IP-addresses? (the users in this question are being routed through different proxies, but it's within 30 seconds, and not several all within one second; also not presumably from IPs of different countries)
- stackoverflow.com/questions/15966812/user-recognition-without-cookies-or-local-storage
- https://stackoverflow.com/questions/13412864/same-session-id-on-same-ip-address-but-different-ports

And this question addresses different session IDs from a single IP: stackoverflow.com/questions/12712033/different-session-id-from-the-same-ip-on-the-same-time but our situation is the opposite, since we have the same session ID from multiple IPs.

Anyone else seen this? Any idea what this is?

What's the best way to stop this most efficiently?


1 Comments


@Pierce454

I do...
By that I mean that my mobile browser, Chrome, had a new feature lately:
passing through a proxy that compresses the website before sending me the download...

For that, Google has multiple IP changes for every different visit because, well, it's some sort of derived proxy each time...

I disabled it because it reset my logged-in credential of my coding app's FTP on server application every single time... (IP-change-protected server connection...) The first time I was trying and trying to reconnect like crazy, pulling out my hair, and when I calmed down I finally figured out what had changed from last time...

So when somebody has a mobile that is trying to compress web content before sending it to him, it passes through a different proxy, but session and cookies are kept...

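The pattern in the question (one session ID arriving from several IPs and user agents inside a second) can be told apart in request logs from the proxy behaviour in the comment (one browser whose IP changes between visits). A Python sketch of that check, added here as an example and not code from either poster; the record layout, thresholds and sample data are assumptions.

```python
from collections import defaultdict

# Constructed sample requests: (unix_time, incoming_session_id, ip, user_agent).
# IPs come from documentation ranges; session IDs and agents are made up.
SAMPLE = [
    (1000.0, "", "192.0.2.10", "Mozilla/5.0 (X11)"),  # first hit, no cookie yet
    (1000.2, "sess_aa", "198.51.100.7", "iPhone"),
    (1000.4, "sess_aa", "203.0.113.21", "Windows 7"),
    (1000.5, "sess_aa", "198.51.100.99", "Android"),
    (1000.7, "sess_aa", "203.0.113.150", "iPad"),
    (1000.9, "sess_aa", "192.0.2.77", "Windows 8"),
    # One browser whose IP changes between page views (compression proxy case).
    (2000.0, "sess_bb", "192.0.2.5", "Chrome Mobile"),
    (2060.0, "sess_bb", "198.51.100.5", "Chrome Mobile"),
    (2120.0, "sess_bb", "203.0.113.5", "Chrome Mobile"),
    # Ordinary visitor on a single IP.
    (3000.0, "sess_cc", "192.0.2.200", "Firefox"),
    (3000.5, "sess_cc", "192.0.2.200", "Firefox"),
]

def find_session_fanout(records, window=1.0, min_ips=3, min_agents=2):
    """Return {session_id: (distinct_ips, distinct_agents)} for sessions seen
    from >= min_ips IPs and >= min_agents user agents within `window` seconds."""
    by_session = defaultdict(list)
    for ts, sid, ip, ua in records:
        if sid:  # requests that arrived without a session cookie are skipped
            by_session[sid].append((ts, ip, ua))
    flagged = {}
    for sid, hits in by_session.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ips = {h[1] for h in hits[start:end + 1]}
            uas = {h[2] for h in hits[start:end + 1]}
            if len(ips) >= min_ips and len(uas) >= min_agents:
                # Keep the widest fan-out observed for this session.
                flagged[sid] = max(flagged.get(sid, (0, 0)), (len(ips), len(uas)))
    return flagged

if __name__ == "__main__":
    for sid, (ips, uas) in find_session_fanout(SAMPLE).items():
        print(f"{sid}: {ips} IPs, {uas} user agents within one second")
```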