Abstract

Many websites have recently faced Session Hijacking attacks, which are simple to launch and have a high probability of success. The attack is popular among hackers and is ranked among the Top 10 web attacks. Session Hijacking can be launched by capturing Cookies/Session IDs within a LAN, or by using XSS (Cross-Site Scripting), which allows hackers to steal cookies from anywhere in the world and then use the captured Cookie/Session ID to access the system under the victim's identity. The problem results from the use of a static Session ID. This research proposes a model that protects against Session Hijacking by using a non-static Session ID instead of a static one. We combine hashing of a secret with time to create a constantly changing Session ID. With this model, a victim's Session ID captured by a hacker cannot be used in a replay attack. In addition, the model prevents both manual and automated Session Hijacking, and the client and server need neither synchronize their clocks nor use NTP.
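The abstract gives no construction details, so the following is an added sketch of the general idea and not the paper's own scheme. It assumes HMAC-SHA256 as the hash, a 5-second time step, a per-request counter, and that each side measures time elapsed since login on its own clock, which is one way to avoid clock synchronization; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

STEP_SECONDS = 5     # assumed lifetime of one time step
MAX_SKEW_STEPS = 1   # assumed allowance for network delay


def derive_token(secret: bytes, step: int, counter: int) -> str:
    """Per-request session ID: HMAC-SHA256(secret, "step:counter")."""
    msg = f"{step}:{counter}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class Client:
    """Holds the secret and measures time since login on its own clock."""

    def __init__(self, secret: bytes, local_login_time: float):
        self.secret = secret
        self.local_login_time = local_login_time
        self.counter = 0

    def next_request(self, local_now: float) -> tuple[int, int, str]:
        self.counter += 1
        step = int((local_now - self.local_login_time) // STEP_SECONDS)
        return step, self.counter, derive_token(self.secret, step, self.counter)


class ServerSession:
    """Server state for one login; every token is accepted at most once."""

    def __init__(self, server_login_time: float):
        self.secret = secrets.token_bytes(32)  # given to the client once, at login
        self.server_login_time = server_login_time
        self.last_counter = 0

    def verify(self, step: int, counter: int, token: str, server_now: float) -> bool:
        expected = int((server_now - self.server_login_time) // STEP_SECONDS)
        if abs(step - expected) > MAX_SKEW_STEPS:
            return False  # token is too old (or too far ahead) to accept
        if counter <= self.last_counter:
            return False  # replay of a request already seen
        good = derive_token(self.secret, step, counter)
        if not hmac.compare_digest(token.encode(), good.encode()):
            return False  # not produced with this session's secret
        self.last_counter = counter
        return True
```

The secret itself still has to reach the client over a protected channel at login and stay out of reach of injected script; the sketch covers only the replay of captured tokens.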
