Why is the MSISDN session variable empty?

Commonly, when desigining Mobile Web interfaces, developers assume that the MSISDN session variable the phone number of the end user and design personalized interfaces accordiglly.

The problem is that the WAP service provider may not supply the MSISDN value to the Hub Edition platform. In this case the MSISDN session variable is always empty (default value).

This situation may generate certain security flaws, resulting in users accessing other users data or the same data being presented to all users.

If your application relies on this value, please make sure that the information is passed from the WAP service provider gateway and that the Hub Server is correctly configured to obtain it from the HTTP header.

It is also a good policy to secure your applicaiton against non-identified access.
Another good practice in solving this problem is using a parameter in the Mobile web entry page where the user MSISDN is passed to. This allows users to bookmark the entry URL already with the right parameter thus benefiting immediately from the personalization features.

If this option is chosen the Mobile Web Bookmark should be provisioned automatically by the application to the users phone including the right parameter (using Wap push or other technique). It is not an option to ask the user to type it himself because typing “http://bla.com/espace/bla.aspx?MSISDN=9120381212&CODE=1823” in a phone keyboard is a nightmare and extremely error prone.