$_SERVER['HTTP_USER_AGENT'] changing on Safari (iOS)

Question

I have noticed that Safari provides different user agents depending on what seems to be the state of the session in php. The very first connection to the server provides a user agent string like this:

MobileSafari/9537.53 CFNetwork/672.1.13 Darwin/14.0.0

But any later connections once the session is started gives:

Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko)_Version/7.0 Mobile/11D167 Safari/9537.53

What is going on? I am storing a hash of the the user agent in my session wrapper in an attempt to limit damage from a compromised account. Does this mean I will have to scrap that check?

(I have only tested this on iOS7 and PHP)

Answer 1

MobileSafari/9537.53 CFNetwork/672.1.13 Darwin/14.0.0

The CFNetwork user agent is only a crawler process of the mobile safari. This will retrieve fav or touch icons. The CFNetwork requests depends on the iOS or Mac OS X version, the first token only identify the APP. If you want to know more about the versions, here is a good overview over the iOS and Mac OS X CFNetwork version: http://user-agents.me/cfnetwork-version-list

All other request happens with this user agent string:

Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko)_Version/7.0 Mobile/11D167 Safari/9537.53

If you take a look to your serverlogs you will see, that every .css, .html, .php, .jpg ... request happens with the Mozilla user agent string.

According to your question: ignore the CFNetwork user agent string in your check.