Single Sign-on

  

On a single sign-on, what does unified modules of the same set means?

"Note that sharing session variables through public actions only works for unified modules of the same set."

I am having issues with session variables not being set correctly by other apps through public action.

Hi jhonn,

Were you able to debug it? On debug the session variable was set? Did you get any error? All the espaces have the same user provider?

Let us know so we can better help you.

Regards,

Marcelo

Marcelo Ferreira wrote:

Hi jhonn,

Were you able to debug it? On debug the session variable was set? Did you get any error? All the espaces have the same user provider?

Let us know so we can better help you.

Regards,

Marcelo

Hello Marcelo,

Yes, it looks like it was successfully set to null by the calling app. However after several request, the previous value of the session variable gets back to the value it has before setting it to null.They have the same user provider. I am puzzled why the previous value gets back when it was already set to null. I also review all execution path, there are only two actions that are setting the value. The other action was not even executed at all.


Here is the sample scenario,

1. App 1 (user provider)-> initialize the session variable, set the the value to an identifier

2. App 2 (subscriber) -> (call public action of App1 that set session variable to null) then redirect back to App 1

3. App 1 -> validate if the session variable is null then do some validation on user inputs,  if successful set the session variable again to an identifier

after multiple unsuccessful validation on No. 3, this session variable gets back to the value before No.2 set it to null. 

At this time, the session variable has a value and instead of executing the validation it will be redirected to the dashboard with the previous session value.


Thanks.



Solution

Jhonn Mark Razonable wrote:

Marcelo Ferreira wrote:

Hi jhonn,

Were you able to debug it? On debug the session variable was set? Did you get any error? All the espaces have the same user provider?

Let us know so we can better help you.

Regards,

Marcelo

Hello Marcelo,

Yes, it looks like it was successfully set to null by the calling app. However after several request, the previous value of the session variable gets back to the value it has before setting it to null.They have the same user provider. I am puzzled why the previous value gets back when it was already set to null. I also review all execution path, there are only two actions that are setting the value. The other action was not even executed at all.


Here is the sample scenario,

1. App 1 (user provider)-> initialize the session variable, set the the value to an identifier

2. App 2 (subscriber) -> (call public action of App1 that set session variable to null) then redirect back to App 1

3. App 1 -> validate if the session variable is null then do some validation on user inputs,  if successful set the session variable again to an identifier

after multiple unsuccessful validation on No. 3, this session variable gets back to the value before No.2 set it to null. 

At this time, the session variable has a value and instead of executing the validation it will be redirected to the dashboard with the previous session value.


Thanks.



Hi Marcelo,

Thanks for the willingness to help. We already found the issue and fix it with SetCookie action from the HTTPRequestHandler extension. Found similar discussion here: https://www.outsystems.com/forums/discussion/6797/how-to-avoid-session-fixation/


Solution