Odd behaviour of websession.GMTOffset

I have an app running on a webserver. I want to know the clients offset from GMT (in order to estimate Local Siderial Time with 30 minutes precision without having to know the exact client location)
So I use the time (on the server) and the session’ GMTOffset. I log these variables throughout the clients session that typically lasts about 10 minutes and sometimes the GMTOffset just changes. For instance from 1 to -7. I think this is impossible.

Thanks for any help.


I use this approach to get approximate location (longitude) without bothering the user for permission. It is very coarse and using this approach will not violate privacy. Of course I could use web location services too. But this indirect way should work and give the GMTOffset as a constant not changing over time!

Is it possible that the user goes through a VPN service such as NordVPN? they could be using different servers and switch seamlessly, and you get the server’s GMT offset, not the end-user’s. Or the user plays with his local time and date settings during the session… why would someone do this is beyond my understanding however.

Another possibility: you did not say whether you store all users GMTOffset values centrally. If you do, perhaps you have a logic error in the storage of the values? You would read a different user’s GMTOffset than you think you do.

I don’t think that the user plays with local date or location settings. I log this every 30 seconds or so. It could be that they use VPN. But if that is the case the variable web session.clienttime possibly is also VPN time. What happens with the web location if run through VPN? Is there a possibility to check if the client is using VPN?

I have generally 1 user at a time (basically asking the user to return later if someone is already using the app)

I mentioned NordVPN because I know that they have various ways to perform location change and obfuscation, including Tor access. Whether location change is dynamic, I don’t know.

The whole purpose of VPN services is to make it very difficult to track the user down. Figuring out whether the user is going through one such service would also be difficult. You would need to contact the user and ask, that is the easiest method I can think of.