A couple of our users keep getting this exception message: "Session fixation mismatch". Please note this issue is happening intermittently and happens to specific users.
Things tried to mitigate this risk:
1) Cleared cookies
2) Advised the user/s to open a private browser in Edge
Platform version: 11.20.0 (Build 38549)
Multitenant: No
User Provider: Users
Type of authentication: LDAP/Active Directory (No access to see this)
Browser mostly facing this issue: Edge, Chrome
Environment Information
eSpaceVer: Id=6241, PubId=0, CompiledWith=11.20.0.38549
RequestUrl: https://********/DCD_Activation_AgentFrontEndN/Listofbeneficiaries.aspx?_ts=1**** (Method: POST)
AppDomain: /LM/W3SVC/1/ROOT/DCD_Activation_AgentFrontEndN-79-133482965867402624
FilePath: C:\...\PS\running\DCD_Activation_AgentFrontEndN.0812850919\Listofbeneficiaries.aspx
ClientIp: ****** X-Forwarded-For: ********
Locale: ar-AE
DateFormat: dd/MM/yyyy
PID: 8732 ('w3wp', Started='12/22/2023 7:12:16 PM', Priv=7098Mb, Virt=2124335Mb)
TID: 945
Thread Name:
.NET: 4.0.30319.42000
Stack trace :-
Session fixation mismatch
   at OutSystems.Application.Session.Persistent.Cookies.CookieActions.ValidateSessionFixationCookieAgainstSession(IModuleInfo moduleInfo, PersistentSessionInfo sessionInfo)
   at ssDCD_Activation_AgentFrontEndN.Flows.FlowAgent_MainFlow_NewDesign.ScrnListofbeneficiaries.Page_Load(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Any information about this will be greatly appreciated.
I think, in parallel, you can talk to support about this, because major articles are posted by staff and, as you said, it's intermittent, so they will help you ASAP.
Hi Craig Rodrigues,
You can check out the following post for more information about the session fixation:
https://www.outsystems.com/forums/discussion/6797/how-to-avoid-session-fixation/
And the following documentation:
https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/How_OutSystems_Platform_helps_you_develop_secure_applications/02_Protecting_OutSystems_apps_from_authentication_vulnerabilities
I hope this helps you.
Thanks and Regards,
Akshay Deshpande
Hello Akshay, I already saw this; unfortunately it doesn't answer the question as to why only "some" users are facing this issue intermittently and consistently. I tried to reproduce it with my accounts by opening two tabs and logging into the portal, but had no luck, so I could not investigate this issue further. It happens to specific users from what I can see in Service Center.
@Akshay Deshpande Thank you for your time. As you mentioned, I did create a support ticket for this issue; will wait for their reply.