Abstract

The HTTP protocol is designed for stateless transactions, but many Web applications require a session to be maintained between a Web browser and a server, creating a stateful environment. Each Web application decides how its session is managed and needs to be able to trust the session identifier. However, sessions can be hijacked, giving an intruder unauthorized access to the hijacked session. The purpose of this paper is to provide an analysis of current session management mechanisms and examine various hijacking techniques. The primary issues addressed pertain to session management and the importance of securing the creation, deletion, and transmission of a session token. We provide a broader view of the session hijacking threat environment by analyzing existing Web application implementations to help demonstrate the need for session hijacking prevention. We identify the session management areas that are targeted by attackers and examine various attacks that can lead to a session being hijacked.
