IE9 User Agent String is different when linked to versus directly typing in the URL

Question

I have code as follows to make a session more secure through the use of an MD5 of the UA and a seed.

if (!isset($_SESSION['key']))
{
    $_SESSION['key']=md5($_SERVER['HTTP_USER_AGENT'] . $UA_SEED);
    $session_is_valid = TRUE;
}
else if($_SESSION['key'] != md5($_SERVER['HTTP_USER_AGENT'] . $UA_SEED))
{
    $session_is_valid = FALSE;
    exit;
}

The code works fine but IE9 has an agenda of its own. When accessing my website directly by typing in the URL, the UA is sent as

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) 

If I access it through a link from another website, the UA is sent as

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

Is there any workaround to this? Other browsers do no such shenanigans.

P.S. I understand that this added form of "security" is limited but something is better than nothing.

Answer 1

Most likely you are typing the URL in a slightly different way which is causing IE to find it in your list of websites to render in Compatibility View. Unless you need Compatiblity View, you should remove your website from the list in Tools > Compatiblity View Settings and consider disabling it altogether.

Answer 2

From your strings, one is MSIE 7.0 and the other is MSIE 9.0. This blog post says that in IE9 and onwards, only the shorter UA string will be used (unless compability mode or version emulation using the F12 dev tools are used).

So your issue most likely point to one of the following:

• You have compatibility mode turned on.
• You have the IE version set to 7.0 in the F12 developer tools.
• IE's settings are messed up and some sites show under compatibility mode. In this case, you should reset IE's settings to default.