<div>
<div class="content wysiwyg-content">
Hi Experts, 
 
I tried to use IBM Rational AppScan to scan the website, but the &quot;Session Fixation&quot; problem still come up. 
 
Page 
login.asp -&gt; default.asp -&gt; logout.asp 
 
&quot;Session identifier not updated&quot; problem seems to re-use the Session ID. 
 
<a href="http://www.owasp.org/index.php/Session_Fixation_Protection" rel="ugc">http://www.owasp.org/index.php/Session_Fixation_Protection</a> 
 
I tried to follow the Example in the above but unsuccessful. 
 
Is it able to do the following? 
 
- Renew the ASPSESSIONID 
- Cookieless Session 
- Encrypted URL 
...
</div>
</div>

Hi Experts,

I tried to use IBM Rational AppScan to scan the website, but the "Session Fixation" problem still come up.

Page
login.asp -> default.asp -> logout.asp

"Session identifier not updated" problem seems to re-use the Session ID.

http://www.owasp.org/index.php/Session_Fixation_Protection

I tried to follow the Example in the above but unsuccessful.

Is it able to do the following?

- Renew the ASPSESSIONID
- Cookieless Session
- Encrypted URL
...

Session Fixation

Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.