Prevention of session hijacking using token and session id reset approach



ORIGINAL RESEARCH

Prevention of session hijacking using token and session id reset approach

Talwinder Singh · Meenakshi

Received: 17 July 2019 / Accepted: 23 May 2020 © Bharati Vidyapeeth's Institute of Computer Applications and Management 2020

Abstract Session hijacking is the term used to describe the theft of a user's cookies and the creation of a clone of those cookies. The hacker uses a packet sniffer to capture traffic between the user and the server in order to steal the cookies, which contain session information. The clone can then be used to impersonate the user and act as the actual user on the web. In this paper, a Token and Session id Reset Approach has been proposed and implemented to prevent session hijacking by cookie cloning. The proposed technique uses a session id, a token, the IP address and browser fingerprints to authenticate the user on the web server. The token is stored at the client side in local storage and is never stored in cookies. It has been observed that Man In The Middle, Cross Site Scripting, Session fixation, Cookie-stealing malware, Predictable token and session id, Physical data theft, and Cookie Cloning attacks are hard to perform against the proposed approach.

Keywords Cookies · Session id · Token · Session hijacking · XSS · MITM
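The following is an added illustration, not the paper's own code, of the server-side check such a design implies: the session id travels in the cookie, the token is sent by the client from local storage (assumed here to arrive in a request header), both are bound to a hash of the client IP and user agent, and both are rotated on every validated request. The rotate-on-every-request policy and the fingerprint inputs are assumptions about the scheme.

```python
import hashlib
import secrets

# Constructed in-memory session store standing in for the server's session storage.
SESSIONS = {}


def fingerprint(ip, user_agent):
    """Hash of the client attributes a session is bound to (assumed inputs)."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


def create_session(user, ip, user_agent):
    """Login: issue a session id for the cookie and a separate token for local storage."""
    sid, token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "token": token, "fp": fingerprint(ip, user_agent)}
    return sid, token


def validate_and_reset(sid, token, ip, user_agent):
    """Per request: verify cookie sid + local-storage token + fingerprint, then
    rotate both identifiers so a captured pair is useless for any later request.
    Returns (user, new_sid, new_token), or None on any mismatch (session destroyed,
    so a cloned-cookie replay forces a fresh login rather than a silent takeover)."""
    rec = SESSIONS.pop(sid, None)
    if rec is None:
        return None
    token_ok = secrets.compare_digest(rec["token"].encode(), str(token).encode())
    fp_ok = secrets.compare_digest(rec["fp"], fingerprint(ip, user_agent))
    if not (token_ok and fp_ok):
        return None
    new_sid, new_token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    SESSIONS[new_sid] = {**rec, "token": new_token}
    return rec["user"], new_sid, new_token
```

Binding to the raw client IP will log out legitimate users whose address changes (mobile networks, NAT pools), so in practice the fingerprint inputs need to be chosen with that trade-off in mind.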

1 Computer Science and Technology, Central University of Punjab, Bathinda, India

1 Introduction

A web app is an interactive program that runs on a server [13]; it allows the user to interact with the server using online forms, a content management system, a shopping cart and more. A web app provides various services to end users. In a multi-user web app, the server provides a user id and password to each user. When a user logs in to the web app with these credentials, the server creates a unique identifier in response to the user's request; this identifier is known as the session id. The session is valid until the user closes the browser or logs out from the website. At the server side the program stores the state of the user (i.e. logged in or logged out) in its session variable via the 'setPerimeter' method, which stores a key and value at the server side (in the server's log). The user holds only this identifier, the session id; other session data such as the state of the user, username, password etc. are stored on the server side. The user does not need to enter their user name and password every time. The session id is stored in the user's browser in a cookie. The user sends each request to the server with this unique identifier (session id), and using it the server identifies the user.

A. Cookie

A cookie is a piece of data stored in a specially designated cache in a web browser. Cookies can include user identifiers or personal information (e.g., session id, user preferences, user age). Servers typically use cookies to personalize dynamic web pages for the user [19]. For example, when a user visits the website xyz.com, the web server of xyz.com generates a unique identifier known as the session id, which is placed in a cookie, and the cookie is stored in the user's browser. Session id is used to identify the user on web s