I have no idea why that would happen and I find it odd that you have two different images for it too. I'm probably going to register for your site in a little bit.
I only get the double alert for my own site (which I'm logged in as an admin all the time). Don't get it for here, Adminextra.com or any other XF site.
It's been on since 9am this morning after being fully shutdown last night (not suspended). To be honest it's difficult to notice a pattern as I have two screens so I'm not always looking when it pops up.
This last instance at least showed the same correct image on each notification though!
var xhr = new XMLHttpRequest();
xhr.open("GET", url + '?_xfResponseType=json', true);
xhr.setRequestHeader('X_REQUESTED_WITH', 'XMLHttpRequest');
xhr.onreadystatechange = function()
{
}
xhr.send();
The part of your forum that should tell it not to update the session table if that header is sent can be found here (looking at v1.2.4).
/library/XenForo/Controller.php
PHP:
public function canUpdateSessionActivity($controllerName, $action, &$newState)
{
// don't update session activity for an AJAX request
if ($this->_request->isXmlHttpRequest())
{
return false;
}
return true;
}
My theory is that some people have a server setting that rejects headers sent from an external referrer.
I think I found the issue, and it lies with Apache 2.4
From Apache 2.4, 'unsafe' headers were ignored and not passed to the environment variables. These include headers with underscores, like the header that xenforo checks for and that is being passed in.
Good trouble shooting. I figured it had something to do with that because internal Ajax requests that set the same header and don't update the session activity don't have any issue.
Just a little update on my workaround, I haven't had Matthew appear all day, so either he uninstalled the extension, hasn't been using Chrome, or the workaround works