Journal: International Journal of Information Technology

Prevention of session hijacking using token and session id reset approach


Abstract

Session hijacking is the term used to describe the theft of a user's cookies and the cloning of those cookies. The hacker uses a packet sniffer to capture traffic between the user and the server to steal the cookies, which contain session information. These are then used to impersonate the user and act as the actual user on the web. In this paper, a Token and Session id Reset Approach has been proposed and implemented to prevent session hijacking by cookie cloning. The proposed technique uses the session id, token, IP and browser fingerprints to authenticate the user on the web server. This technique stores the token at the client side in local storage; it is not stored in cookies. It has been observed that Man In The Middle, Cross Site Scripting, Session fixation, Cookie-stealing malware, Predictable token and session id, Physical data theft, and Cookie Cloning attacks are hard to perform against the proposed approach.