Hi All,
We found session fixation in our application through a pen test, so we tried to avoid this by enabling Session fixation in Factory Configuration, which is built-in functionality of OutSystems. But when we repeat the pen test, it shows the issue is unchanged.
So we found the session token ID is not expiring even after the user logs out. When the same user logs in again, a new session ID is appended to the existing session ID, so we want to remove the session whenever the user logs out or the session times out.
Is there any solution for this in OutSystems?
Thanks in advance.
Did you publish a solution after changing this in Factory Configuration? Usually it is not applied until the apps are re-published.
Hi @Bas de Jong
Yes, we did the republish after changing the Factory Configuration. Do you have any other suggestions?
Thanks
Balaji
Hi @Bas de Jong, did you ever find a solution to this? I am having similar issues and would like to know how to clear the ASP.NET_SessionId on logout. Thanks