Mobile Payment-fixed the problem of Firefox session loss on Android mobile devices

Speaking of this Firefox mobile version bug under Android, this is definitely a dog blood experience, such a regular release has been around for three months.

The task in this regular release is about payment enhancement. at the beginning, I completed this task with a consultant in the United States. After a few days, he said that he would help other region tasks to be more urgent. therefore, the current task needs to be completed independently. Of course, the importance of the payment module is not limited,Although I have already learned about the design of the payment module, it is really complicated. When I implement all the functions, the customer needs to pay for mobile devices and be compatible with all mobile devices,

1. How to identify mobile devices, including mobile phones and tablets.

2. How to maintain compatibility with different browsers in different mobile phone operating systems

Because our website is not customized for mobile devices, it is not very good for a web site to support mobile payment. Since the customer requested this...

Check msdn and find that there is an ismobiledevice attribute in Asp.net, so how to identify mobile devices is, I use the followingCodeFragment

Public bool ismobile
{< br> Get
{< br> httpbrowsercapabilities mybrowsercaps = request. browser;
return (system. web. configuration. httpcapabilitiesbase) mybrowsercaps ). ismobiledevice;
}< BR >}

By decompiling the DLL, you can view how ismobiledevice works and find that this property depends on the browser file in the folder.% Systemdrive % \ windows \ Microsoft. NET \ framework64 \ v4.0.30319 \ config \ browsersI did not make any special judgment on andrios OS, so I tested the above code using the andriod device and found that browsers under the andriod device could not be recognized as mobile devices.

Next I found this website http://detectmobilebrowsers.com/provides a regular expression for identifying mobile settings, as well as code snippets:

<%
String u = request. servervariables ["http_user_agent"];
RegEx B = new RegEx (@ "(Android | BB \ D + | meego ). + mobile | avantgo | Bada \/| BlackBerry | blazer | COMPAL | Eline | fennec | hiptop | iemobile | IP (hone | OD) | Iris | Kindle | LGE | maemo | MIDP | MMP | netfront | opera M (OB | in) I | Palm (OS )? | Phone | P (ixi | re) \/| plucker | pocket | PSP | series (4 | 6) 0 | Symbian | Treo | up \. (Browser | link) | Vodafone | WAP | Windows (Ce | phone) | xda | xiino ", regexoptions. ignorecase | regexoptions. multiline );
RegEx v = new RegEx (@ "1207 | 6310 | 6590 | too so | 4thp | 50 [1-6] I | 770s | 802s | a wa | ABAC | AC (ER | oo | S \-) | ai (KO | RN) | Al (av | ca | Co) | amoi | an (ex | ny | YW) | aptu | AR (CH | go) | as (Te | US) | attw | au (di | \-M | r | S) | avan | be (CK | ll | NQ) | BI (Lb | rd) | BL (AC | az) | Br (E | V) w | bumb | BW \-(N | U) | c55 \/| CAPI | ccwa | CDM \-| cell | chtm | cldc | cmd \-| Co (MP | nd) | craw | da (it | ll | NG) | dbte | DC \-S | Devi | dica | dmob | Do (c | P) O | DS (12 | \-d) | El (49 | ai) | EM (L2 | UL) | Er (IC | k0) | esl8 | EZ ([4-7] 0 | OS | wa | ze) | fetc | fly (\-| _) | G1 u | g560 | gene | GF \-5 | G \-Mo | go (\. w | OD) | GR (AD | UN) | haie | hcit | HD \-(M | p | t) | Hei \-| hi (Pt | Ta) | HP (I | IP) | HS \-c | HT (C (\-| _ | A | G | p | S | t) | TP) | Hu (AW | TC) | I \-(20 | go | Ma) | i230 | IAC (| \-| \/) | IBRO | idea | ig01 | ikom | im1k | Inno | ipaq | Iris | JA (T | V) A | jbro | jemu | jigs | KDDI | Keji | kgt (|\/) | Klon | KPT | kwc \-| weight (c | K) | le (no | XI) | lg (G | \/(k | L | u) | 50 | 54 | \-[A-W]) | libw | Lynx | M1 \-w | m3ga | M50 \/| Ma (Te | UI | XO) | MC (01 | 21 | CA) | M \-Cr | Me (RC | RI) | mi (o8 | OA | TS) | MMEF | Mo (01 | 02 | BI | de | Do | T (\-| o | V) | zz) | MT (50 | P1 | V) | mwbp | mywa | N10 [0-2] | N20 [2-3] | N30 (0 | 2) | n50 (0 | 2 | 5) | N7 (0 (0 | 1) | 10) | NE (c | M) \-| on | TF | WF | WG | wt) | NOK (6 | I) | nzph | o2im | OP (Ti | WV) | Oran | owg1 | P800 | Pan (A | d | T) | pdxg | PG (13 | \-([1-8] | C) | Phil | pire | pL (Ay | UC) | PN \-2 | Po (CK | RT | SE) | prox | psio | Pt \-G | QA \-A | QC (07 | 12 | 21 | 32 | 60 | \-[2-7] | I \-) | qtek | R380 | r600 | raks | rim9 | RO (VE | Zo) | s55 \/| SA (GE | Ma | mm | MS | ny | VA) | SC (01 | H \-| oo | P \-) | SDK \/| Se (C (\-| 0 | 1) | 47 | Mc | nd | RI) | SGH \-| Shar | SIE (\-| M) | SK \-0 | SL (45 | ID) | Sm (Al | ar | B3 | it | t5) | so (FT | NY) | Sp (01 | H \-| V) | Sy (01 | MB) | T2 (18 | 50) | T6 (00 | 10 | 18) | TA (GT | lk) | TCL \-| TDG \-| Tel (I | m) | Tim \-| T \-Mo | to (PL | SH) | TS (70 | M \-| m3 | M5) | TX \-9 | up (\. B | G1 | Si) | utst | v400 | v750 | Veri | Vi (RG | Te) | VK (40 | 5 [0-3] | \-V) | vm40 | Voda | vulc | VX (52 | 53 | 60 | 61 | 70 | 80 | 81 | 83 | 85 | 98) | W3C (\-|) | webc | whit | wi (G | NC | NW) | wmlb | wonu | x700 | Yas \-| your | zeto | ZTE \-", regexoptions. ignorecase | regexoptions. multiline );
If (B. ismatch (u) | V. ismatch (U. substring (0, 4 )))){
Response. Redirect ("http://detectmobilebrowser.com/mobile ");
}
%>

This Code contains two parts,

1. The first regular expression is determined by useragent,

2. The second regular expression is based on the mobile phone model.

However, if you look at the first regular expression, you will find that the iPad is missing, and the andriod device is not correct. After adjustment, this problem is solved, and the remaining problems will be solved one by one, due to the special nature of the payment test, we can only test the dev environment. We can get to the bank payment page correctly, and the rest is deemed to have been completed, because the user needs to test it later. When all the changes are sent to the QA environment, the user will test the following environments on different mobile devices:

Android/chorme; Android/Firefox; Android/opera; Android/Safari; IOS/safari, test devices: iPhone, iPad, Galaxy Note, Galaxy tab10.1, Nexus S,

The test result is okay in all environments, but session loss occurs only in Android/Firefox 16.0/17.0. The problem is described as follows:

After the payment is completed and the payment status is returned to our site, the original session is lost, so the page will jump directly to the login page.

By adding logs, the analysis shows that in Android/Firefox, when the bank returns to our site after the payment is complete, the browser's sessionid is a new, newly generated sesion. this shows why the logon page is accessed, because the new session does not contain form authentication information. In other environments, when the bank returns to our site, the browser can get the original sessionid, because the user information and status and form authentication information are in. This is the first time I encountered such a problem. Obviously, this is a browser-level bug. I share this information to the team and everyone understands that this is an issue of a browser, however, the user still insisted that the problem should be fixed before it can be launched.

I suddenly felt very wrong, because this problem is beyond the scope of developer's normal processing. Each browser has a different implementation mechanism, and we do not know how to proceed with the Bank's return actions, and I don't see how the user operates. I can't test the bank's payment process... it is too difficult to fix all these factors. But keep trying.

In my opinion, session loss occurs because the browser window is re-opened when the bank returns, and the form authentication and session ID of the new window are inconsistent with those of the original window, adding logs to analyze the cookies in sarafi and Firefox mobile versions confirms my thoughts. To fix this bug, make sure that the sessionid of the newly opened browser window is consistent with the original one, so the efforts of the next week are in this direction.

The final solution is:

If it is detected that the mobile version of Firefox is used, all the information in the cookies will be combined into a string, and the cookie information will be sent to the bank end. When the bank pays back to our website, first obtain the cookie information, and then parse the cookie information and add it to the cookies of response.