user agent sent to all scripts when loading?

[ohdang888]

Just double checking:

 

I have a <script> that calls a php file to compose the javascript. Just double checking: when a browser loads content from a <link> or <script> tag, it always sends the appropriate HTTP_USER_AGENT string as well, correct?

 

I just want to sure it ALWAYS sends it before i rely on its functionality.

 

Thanks

[PFMaBiSmAd]

Every HTTP request that the browser makes includes the HTTP_USER_AGENT as part of that request. External css and external javascript files are requested by the browser using a HTTP request.

[ohdang888]

Every HTTP request that the browser makes includes the HTTP_USER_AGENT as part of that request. External css and external javascript files are requested by the browser using a HTTP request.

 

ohh ok makes sense. Thanks! Also, one more question:

 

I'm using this <script> call to log info about a business. How can i validate it? A.K.A., i have this url (http://mysite.com/log?id=6).. Obvisouly, I don't want someone to be able to log go directly to that URL and intentionally try to screw with results. So... is the only way to do this is to use a session() to limit data logged per user. BUT, then "bad-people" could just delete their cookies, change their IP, and continue to process.

 

Any solutions to this? There's gotta be something! (especially seeing as though there's tons of JavaScript API"s by facebook/group/big guys)

Thanks!

 

EDIT: Also, i know there's JS to be used to pass the current URL in the url to the javascript... but that could be forged as well, i assume