2

I am developing web site and mobile(iPhone/iPad, Android) app version.
A web site and mobile app is accessing to same URLs. e.g. http://xxx.xxx.xxx/register.php
So, as you know, on mobile apps there are no SESSION concept for PHP.
So, I need to distinguish what is the web browser requesting or app requesting for mobile device on the any requesting on single URL.
NOTE!!!! This is not the problem to distinguish the mobile web browser using USER AGENT property
How can I distinguish the request what is the request from browser(PC/Mobile Browser) ? or from mobile app?
And also, I hope not to use the $_GET[] variable for this problem when requesting.
Please help me.

Kind regards

engel0088
  • 203
  • 3
  • 12
  • Dear, Thanks,Of course I can use USER AGENT property, but that is a value for mobile browser and PC browser.i.e. for only web browser.But I need to distinguish the browser or mobile app. – engel0088 Dec 17 '13 at 15:53
  • let the mobile app make a `post` request, while the browsers make a `get` request for data – Rachit Mishra Dec 17 '13 at 15:56
  • look this https://mobiforge.com/research-analysis/webviews-and-user-agent-strings – Hector Davila Jul 27 '17 at 16:35

3 Answers3

1

You can use the user agent string to differentiate between different browsers and apps. In PHP, you can retrieve it via $_SERVER['HTTP_USER_AGENT'].

neilco
  • 7,964
  • 2
  • 36
  • 41
  • Dear, Thanks,Of course I can use USER AGENT property, but that is a value for mobile browser and PC browser.i.e. for only web browser.But I need to distinguish the browser or mobile app. – engel0088 Dec 17 '13 at 15:52
  • Not true. The user agent is __not__ limited to browsers. It's just a HTTP header so __any__ app can send it. For iOS apps, HTTP requests made using `NSURLRequest` have a user agent string. By default, it looks something like this: `/ CFNetwork/609.1.4 Darwin/12.4.0` You can even change it, should you wish. – neilco Dec 17 '13 at 15:57
  • Really? then could you the way to distinguish .. I only need to ananlyze browser or mobile apps? – engel0088 Dec 17 '13 at 16:00
  • @neilco I am really unfamiliar with app development, but does the user agent change when making a `NSURLRequest` in a particular app and using the built-in web browser? What about on Android? Do apps send a specific user agent different from the Android browser? I would assume that if the apps can render the HTML that they would probably open up a new web browser process and use the same (or similar) user agent string. – Mike Dec 17 '13 at 16:06
  • @Mike Mobile Safari has its own user agent, UIWebView (used for creating in-app browsers) has its own user agent, and programmatic requests made using NSURLRequest have their own user agent (albeit one which developers can modify). I'm not an Android developer so I'm not going to answer anything about Android. – neilco Dec 17 '13 at 16:11
  • Hmm well if developers can modify the user agent, then your answer would work perfectly. It appears that [Android handles HTTP connections similarly](http://stackoverflow.com/questions/3904467/android-http-user-agent) in that people can specify the user agent header with any request. – Mike Dec 17 '13 at 16:16
  • However with that said, it does appear that the OP is [wrong](http://stackoverflow.com/questions/4597763/persisting-cookies-in-an-ios-application) in assuming you can't set cookies in apps. – Mike Dec 17 '13 at 16:18
  • @Mike Yep, at least from an iOS perspective, you can set cookies for requests made using NSURLRequest. And of course, it's worth mentioning that both cookies and user agent strings are merely HTTP headers than can easily be spoofed. – neilco Dec 17 '13 at 16:21
  • @neilco Well, cookies are headers, but they also need to be stored somewhere on the client to actually be useful. Perhaps the OP simply doesn't know how to store them. – Mike Dec 17 '13 at 16:23
  • @Mike And the answer to that is elsewhere on [Stack Overflow](http://stackoverflow.com/questions/4597763/persisting-cookies-in-an-ios-application?lq=1). – neilco Dec 17 '13 at 16:30
  • @neilco Yes, I linked to it above. – Mike Dec 17 '13 at 16:31
0

I think you're getting several things wrong here. Sessions are a mere artifact based on cookies, but instead of sending the raw data to the client PHP in a cookie PHP just send an ID.

You can set PHP to handle sessions via GET, but your app will have to handle this. And you could provide different endpoints for the mobile app and the normal user. You can also (in most environments) set the user agent to something your PHP app can handle.

Anyway, if you're not implementing COOKIES (or sessions for that matter) in your mobile app you will have to use either custom headers, GET or POST.

César
  • 370
  • 1
  • 9
  • Dear, Thanks,Of course I can use USER AGENT property, but that is a value for mobile browser and PC browser.i.e. for only web browser.But I need to distinguish the browser or mobile app. – engel0088 Dec 17 '13 at 15:51
  • But you can set a user agent like "myappuseragent" that will identify your app against other browsers. But to identify a user on your app you should use sessions / tokens over cookies or GET. – César Dec 17 '13 at 16:45
0

You're going about it the wrong way. There are both mobile browsers that do support sessions as well as desktop browsers with sessions disabled. To detect a mobile browser, the only way would be to use the user agent string, however this can be modified quite easily. A better solution would be to actually detect whether sessions are enabled. You can do this with JavaScript. In your main PHP script start the session and set some sort of variable:

session_start();
$_SESSION['var'] = "test";

And then you can send an AJAX request to see whether it actually started or not. Here is a jQuery example:

var session_check = $.ajax({
    url: "/ajax-check-session.php",
    type: "get"
});

var sessions = true;
session_check.done(function (session_response, textStatus, jqXHR){
    if (session_response != "enabled") {
        sessions = false;
    }

    if (sessions == false) {
        // sessions are disabled
    }
    else {
        // sessions are enabled
    }
});

And ajax-check-session.php:

session_start();
if (count($_SESSION) == 0) {
    echo "Sessions are disabled";
}
echo "enabled";

However keep in mind that probably a high percentage of people who have purposely disabled sessions have also purposely disabled javascript. If you decide to make JS necessary (which is usually a bad idea), you can handle this by using the <noscript> tag, telling people that they need JS enabled in order to use your site, and then when they enable JS, you can handle disabled sessions.

Mike
  • 23,542
  • 14
  • 76
  • 87
  • Dear, Thanks,Of course I can use USER AGENT property, but that is a value for mobile browser and PC browser.i.e. for only web browser.But I need to distinguish the browser or mobile app. – engel0088 Dec 17 '13 at 15:50
  • Why do you want to detect mobile or desktop? You said it was because mobile browsers do not support session cookies, but I told you that is an incorrect assumption. – Mike Dec 17 '13 at 15:54
  • I said : on mobile apps there are no SESSION concept for PHP.i.e. it is [apps], and is not [browser] – engel0088 Dec 17 '13 at 15:57
  • Do they support JavaScript? – Mike Dec 17 '13 at 15:59