
Session id hijacked


slic535


I am using 5.1.4 and I am getting this error in my error log. One is a Google AdsBot thing. What needs to be done here? My customer base has dropped a lot.

[14-Sep-2012 01:40:08] PHP Warning: Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '99.60.35.57' New IP Address: '99.60.35.57' Old User Agent: 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)' New User Agent: 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)' in /home/slic535/public_html/classes/session.class.php on line 631

[14-Sep-2012 03:49:58] PHP Notice: Cleaning cached files... in /home/slic535/public_html/classes/cache/cache.class.php on line 134

[14-Sep-2012 03:49:58] PHP Fatal error: Call to a member function has() on a non-object in /home/slic535/public_html/classes/seo.class.php on line 710

[14-Sep-2012 05:41:21] PHP Warning: Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '72.14.199.240' New IP Address: '72.14.199.240' Old User Agent: 'AdsBot-Google (+http://www.google.com/adsbot.html)' New User Agent: 'AdsBot-Google-Mobile (+http://www.google.com/mobile/adsbot.html) Mozilla (iPhone; U; CPU iPhone OS 3 0 like Mac OS X) AppleWebKit (KHTML, like Gecko) Mobile Safari' in /home/slic535/public_html/classes/session.class.php on line 631

[14-Sep-2012 08:06:46] PHP Warning: Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '98.85.147.77' New IP Address: '98.85.147.77' Old User Agent: 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)' New User Agent: 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)' in /home/slic535/public_html/classes/session.class.php on line 631


This is a determination made by CC5 and an appropriate message is given to PHP's error-trapping functionality. Once there, CC5 also records it in its error log. Let's take a close look.

PHP Warning:

PHP also has Notices and Fatal Errors.

"Stored session data did not match DB record. Session aborted as possible session hijack."

This is the determination that CC5 made. It's a security test. The test is somewhat overly broad and ambiguous.

Old IP Address: '99.60.35.57'

New IP Address: '99.60.35.57'

Nothing wrong here.

Old User Agent: 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;...

New User Agent: 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1;...

Ooops! Looks like someone switched up from IE7 to IE8 between successive visits. That happens more often than you would think. When I allowed Firefox to go from 15.0.0 to 15.0.1, I had to log back in.

Now, the one about AdsBot-Google. That one is weird. The visitor goes from AdsBot-Google to AdsBot-Google-Mobile on their iPhone. I cannot speak to the capabilities of tethering a mobile to a laptop (or whatever) and sharing cookies.

The last one is another browser upgrade.

Sometimes I wonder if these browser upgrades are nothing more than some kind of User-Agent switching browser-helper-object or add-on. But I've not seen one that went from a higher version to a lower version.

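The triage done by hand in the reply above can be scripted. The following is an added example, not part of the original thread and not CubeCart's own code: it parses warnings in the layout quoted from the error log and separates entries where the IP address changed from those where only the User-Agent changed. The sample lines are constructed (placeholder IPs and path), and the label names and token list are assumptions made for this illustration.

```python
import re
from collections import Counter

# Field layout follows the warning text quoted in the thread's error log.
HIJACK_RE = re.compile(
    r"^\[[^\]]+\] PHP Warning: Stored session data did not match DB record\..*?"
    r"Old IP Address: '(?P<old_ip>[^']*)' New IP Address: '(?P<new_ip>[^']*)' "
    r"Old User Agent: '(?P<old_ua>[^']*)' New User Agent: '(?P<new_ua>[^']*)'"
)
# Client tokens to recognise, most specific first (illustrative, not exhaustive).
FAMILY_RE = re.compile(r"(AdsBot-Google-Mobile|AdsBot-Google|MSIE|Firefox)[ /]?([\d.]*)")

def ua_family(ua):
    m = FAMILY_RE.search(ua)  # unknown clients fall back to (raw string, "")
    return (m.group(1), m.group(2)) if m else (ua, "")

def classify(line):
    """Label one log line; None if it is not a session-mismatch warning."""
    m = HIJACK_RE.match(line)
    if not m:
        return None
    if m["old_ip"] != m["new_ip"]:
        return "ip-changed"            # different network origin: review first
    old, new = ua_family(m["old_ua"]), ua_family(m["new_ua"])
    if old[0] != new[0]:
        return "ua-family-changed"     # different client software on the same IP
    return "ua-version-changed" if old[1] != new[1] else "ua-other-change"

def make_line(old_ip, new_ip, old_ua, new_ua):
    """Build a constructed sample line in the same layout (placeholder IPs and path)."""
    return ("[14-Sep-2012 01:40:08] PHP Warning: Stored session data did not match DB "
            "record. Session aborted as possible session hijack. "
            f"Old IP Address: '{old_ip}' New IP Address: '{new_ip}' "
            f"Old User Agent: '{old_ua}' New User Agent: '{new_ua}' "
            "in /path/to/session.class.php on line 631")

IE7 = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
SAMPLE_LOG = [  # constructed sample input, not real traffic
    make_line("203.0.113.7", "203.0.113.7", IE7, IE8),
    make_line("203.0.113.9", "203.0.113.9", "AdsBot-Google (+http://www.google.com/adsbot.html)",
              "AdsBot-Google-Mobile (+http://www.google.com/mobile/adsbot.html)"),
    make_line("203.0.113.7", "198.51.100.23", IE8, IE8),
    "[14-Sep-2012 03:49:58] PHP Notice: Cleaning cached files...",
]

def summarise(lines):
    """Count warnings per label, skipping unrelated log lines."""
    return Counter(label for label in map(classify, lines) if label)
```

Calling `summarise()` on the lines of a real error log gives a quick count of how many aborted sessions involved an IP change versus a same-IP User-Agent change.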
