What does this error mean?

[Claudia M]

I know I've probably asked this before but I can't find the answer.  What does this error mean and how do I fix it?

[24-Oct-2018 06:49:46 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '107.77.169.11' New IP Address: '107.77.169.11' Old User Agent: 'Mozilla/5.0 (Linux; Android 8.0.0; SM-G930V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.64 Mobile Safari/537.36' New User Agent: 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.64 Safari/537.36' in /home/claudias/public_html/classes/session.class.php on line 708

Thanks in advance!

Claudia

[bsmither]

In an effort to prevent "session hijacking", CubeCart records the IP address and the browser's [reported] User Agent string (the identifier that states the brand, version, and major compatibilities).

Session hijacking is (I actually do not know the real technical definition) where someone else manages to grab your cookie (perhaps through some javascript) and then accesses the same site as you pretending to be you.

So, when CubeCart sees the same cookie (as the basis for your session visiting the site) but coming from a different IP address (switching between cell towers or Wi-Fi hotspots) or from a different browser, CubeCart logs a Warning and kills the session (if you were logged in, now you're not -- if you had stuff in your shopping basket, now you don't).

The recent bug-a-boo is that one or two brands of browser (and others with a plugin) implement a forced "do not track" scheme by randomly changing the User Agent string at random intervals to thwart "profiling" or "fingerprinting" a visitor across multiple sites.

 

[Claudia M]

Got it.  Thank you Brian.