Hi,

I'm trying to follow instructions described here:
https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/How_OutSystems_Platform_helps_you_develop_secure_applications/02_Protecting_OutSystems_apps_from_authentication_vulnerabilities

But I'm struggle to expire OSSESSIONID cookie. I've tried to use HTTPRequestHandler.SetCookie Action and set NullTextIdentifier() as Cookie value but then I get 2 OSSESSIONID cookies. One with empty string and second with value that was set before action HTTPRequestHandler.SetCookie was used. 

How properly expire OSSESSIONID to force to generate new one?

Hi Grzegorz,

Did you look into this post? Setting the OSSESSIONID cookie with empty string ("") should normally expire it.

Regards,

Nordin