Hello,
My application is a Traditional Web app. Some of the users started to complain that they keep getting the Internal Error screen, and it turned out that under the hood it is the "Session fixation mismatch" error. One of the users described it as follows:
Since the last deployment, I receive an error message (Internal Error) every day. Maybe it is related to the expiration of the <application> session, because each time after the error message the login window appears; but sometimes I log out of an open session - I log in again and after a few operations this error appears again in the application.
The reporting user says that in his case it occurs every day and that he has reports from other users, but it is not so frequent in other users' cases.
What would you suggest, what can be the reason that this error started to come out?
Thanks in advance for any hint.
Regards
Tomasz
Hi @Tomasz M Lipinski
Can you please check the discussion below.
https://www.outsystems.com/forums/discussion/6797/how-to-avoid-session-fixation/
Thanks,
Vignesh Prakash.
Hi,
The conclusion from this discussion is that there is a mechanism in O11 that prevents this kind of vulnerability. My client uses O11 and has this option turned on.
So the question is: why does this error occur despite the protection being turned on?