Session Fixation vulnerability

Dear Outsystems,


Myself Janarthanan and from FICO .We are using Outsystems version 9.1.616.0 for one our client .

can we change the values of below cookies each time(all three cookies) when user login ?

1. OSSESSIONID 

2. osVisitor 

3. osVisit 


I have tried below option and its working only for any of OSSESSIONID  or osVisitor  or osVisit  at single point of time . means each time generating ID for any one of above three cookies and it keeps same value for other two cookies.


HTTPRequestHandler -  AddHeader action used as below .


1.Please guide us how to use multiple headers at the same time or any other option .


Kindly help us in this .


Thanks and Reagrds,

Janarthanan


This is now the SECOND time I am telling you to please work internally on this issue where we have known answers and solutions to this. There is no reason to be asking the general public about this, when we have dealt with this issue a number of times on other projects. Please follow the proper process to get the tested, correct answer to this. Again, this is the SECOND time I have told you this, the next time I will escalate this internally.

J.Ja

Justin James wrote:

This is now the SECOND time I am telling you to please work internally on this issue where we have known answers and solutions to this. There is no reason to be asking the general public about this, when we have dealt with this issue a number of times on other projects. Please follow the proper process to get the tested, correct answer to this. Again, this is the SECOND time I have told you this, the next time I will escalate this internally.

J.Ja

Hi Justin,


Thanks for the reply . Apologies for that to asked again . I will discuss this with internally  .


Thanks and Regards,


Janarthanan