Session Fixation Issue

Asked Sep 08 '19 at 05:23

Active Sep 08 '19 at 08:08

Viewed 62 times

In one of our application we are facing below issue related SessionId.
SessionId value in cookie (Request & Response body) are not regenerating new values once user logoff from application and logins back (I mean signing off from application without closing browser and singing in back). Its maintaining earlier values, instead of generating new values.

But if close browser it's generating new values. But we wanted to generate new SessionId values every time user logoff from application and logins back.

We tried to clear cookie values in Logout handler

Httpcontext.Current.Request.Cookies.Clear();

and Added expiration date to cookies like as

Response.Cookies["SessionID"].Expires = DateTime.Now.AddDays(-1);

But even after making these changes also we are not getting a new Sessionid value after logout and login.

edited Sep 08 '19 at 08:08

Giulio Caccin

2,962
6
36
57

asked Sep 08 '19 at 05:23

Ramesh

Could you post code of your logout method? – Martin Staufcik Sep 08 '19 at 05:44
1

Make sure your cookie is persistent: https://stackoverflow.com/questions/3869821/how-do-i-create-a-persistent-vs-a-non-persistent-cookie – Martin Staufcik Sep 08 '19 at 05:52

Session Fixation Issue

0 Answers0