php google-chrome http citrix xenapp

How to detect if a site visitor is browsing the site through Citrix XenApp?


Our client has this little LAN with reception terminals where they stream the Chrome web browser through Citrix XenApp. Why? I don't know. And it’s weird, but this tandem seems to spoil the data they submit on our sites' forms. Some things that physically cannot get cached get cached somewhere in this XenApp thing.

It’s a very important bug for us, because we manage payment processing and it is caching sensitive cardholder data, which is sooo non PCI DSS compatible!

We’ve told them to install normal Chrome browsers on the end machines, and they say they did. But the next day the same issue happens. Then they say: “oh, it was one of the old machines with Citrix XenApp again.” Meh! Now maybe a week passes and we get the same issue again, but they claim that they don’t use XenApp anymore, it’s a normal local Chrome.

I don’t believe them. But how can we prove them wrong?

TL;DR: is it possible to detect if:

  1. A site visitor used a normal local Chrome browser, or
  2. Visited under a Chrome browser streamed through Citrix XenApp?

Here’s an example of USER_AGENT we're getting:

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36

It looks like a totally normal Chrome build. Tried to look through HTTP headers and there is nothing really special there.

Is there a way to determine this, even theoretically?

  1. Our application stack is LAMP, thus the PHP tag.
  2. Please don’t suggest that it’s our software bug. We have hundreds of clients, millions of transactions and this situation happens only with this Citrix XenApp crazy client.

EDIT: this is not a duplicate! Here I'm talking about a website running in a browser, and server-side scripting. Not about a Windows application with APIs and DLLs.


Solution

  • Short answer: you really can't. XenApp is, for all intents and purposes, remote desktop. In fact at one point Microsoft RDP and Citrix were the same codebase licensed back and forth.

    Longer answer: When you launch Chrome via XenApp, Chrome is actually launched on the server. The display is then captured, redirected, and streamed to the client over ICA. The reason you can't tell with headers or HTTP traffic in general whether or not the user is running XenApp is that from a Chrome<->Webserver perspective (or any application really), nothing really changes. The only delta is in where the UI gets rendered.

    One thing I should mention is that if someone's running XenApp in a large-ish install, they probably have some NetScalers kicking around. If so, those can do all kinds of strange HTTP caching, so you may be looking in the wrong place for an explanation of your caching issues.