locked
SecurityThreat: Session Identifier Not Updated RRS feed

  • Question

  • Hi,

    we have developed tool using Microsoft .net Core Web application.

    This tool we want to secure in all terms. so we got the APPSCAN tool from IBM.

    Where while running Appscan tool capture issue like "Session Identifier Not Updated" for Login Index.

    Issue : Expectation is Session Identifier needs to be regenerated, should not be re-used the same in consecutive login.

    For  Ex: first time when login page loaded then session identifier is created as xxx, then after login it should get change. / like yyy , zzz ... also each time after login it should be re-generated.

    I have searched in the .net core forum i couldnt get any possible ways to re-generate the session id it is handled by Microsoft Net core session management system. but to fix this issue we need this session re-generation. Please share the info  / samples or links will be helpful. 

    Any-possible ways please advice.

    Thanks in Advance. - Aravind



    microsoft fourm

    Sunday, June 21, 2020 1:04 AM

Answers

All replies

  • Hi,

    Thanks for posting here, 

    This case is not in the scope of this forum. I will redirect this thread to get the better support, thanks for your understanding.

    Best Regards,

    Drake


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, June 26, 2020 7:29 AM
  • Hello,

    IBM Appscan is now supported by HCL Software. So open a ticket there: https://hclpnpsupport.hcltech.com/csm

    Regards, Guido

    Friday, June 26, 2020 9:16 AM
  • Might also try asking for help over here.

    https://stackoverflow.com/questions/tagged/.net-core

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, June 26, 2020 12:04 PM