Our client has this little LAN with reception terminals where they stream Chrome
web browser through Citrix XenApp
. Why? I don't know. And it’s weird, but this tandem seems to spoil the data they submit on our sites forms. Some things that physically can not get cached — get cached somewhere in this XenApp
thing.
It’s a very important bug for us, because we manage payment processing and it is cashing sensitive cardholder data, which is sooo non PCI DDS compatible!
We’ve told them to install normal Chrome browsers to the end machines, and they say they did. But next day — same issue happens. Then they say — “oh, it was one of the old machines with Citrix XenApp
again.” Meh! Now maybe a week passes and we get same issue again, but they claim that they don’t use XenApp
anymore, it’s a normal local Chrome.
I don’t believe them. But how can we prove them wrong?
TL;DR: is it possible to detect if:
- A site visitor used normal local Chrome browser or
- Visited under a Chrome browser streamed through
Citrix XenApp
?
Here’s an example of USER_AGENT
we're getting:
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36
It looks like a totally normal Chrome build. Tried to look through HTTP headers and there is nothing really special there.
Is there a way to determine this, even theoretically?
- Our application stack is
LAMP
, thus the PHP tag. - Please don’t suggest that it’s our software bug. We have hundreds of clients, millions of transactions and this situation happens only with this
Citrix XenApp
crazy client.
EDIT: this is not a duplicate! Here I'm talking about a website running in browser, and server-side scripting. Not about a windows application with APIs and DLLs