Session hijacking prevention
Introduction
Session hijacking is a type of cyber attack in which an attacker takes over a user's active session with a web application or online service. This allows the attacker to impersonate the user and access their personal data, perform transactions, or manipulate their account. To prevent such attacks, various countermeasures are in place, such as the use of HTTPS, session expiration, XSS prevention through CSP policies, and so on. In addition, a session hijacking middleware is in place that checks for unusual session activity.
Anomaly detection
Within the same session, a change to any of the following parameters will trigger the session hijacking middleware, and the user will be presented with a generic error message.

| Parameter | Description | How the value is resolved |
|---|---|---|
| Public IP | If the public IP changes, the session hijacking middleware will be triggered. | The public IP is determined in the same way as documented here. |
| Host | If the host changes, the session hijacking middleware will be triggered. | The host is taken from the HTTP request. Removed in version 10. |
| User Agent | If the user agent changes, the session hijacking middleware will be triggered. | The user agent is taken from the HTTP request. |
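The following is an added illustration of how such a session-binding middleware can be implemented; it is example code written for this page, not CoreOne's own implementation. It records the public IP and User-Agent when a session starts, compares them on every later request in that session, and on any mismatch invalidates the session and returns the same generic error regardless of which parameter changed. The host check is left out, matching its removal in version 10. The `Request`, `SessionStore`, `TRUSTED_PROXIES` and `GENERIC_ERROR` names are assumptions of the example, and the rule used to resolve the public IP (honour `X-Forwarded-For` only when the request arrives from a trusted reverse proxy, otherwise use the TCP peer address) stands in for the procedure the page documents elsewhere.

```python
"""Session-binding middleware (added example, not CoreOne's code).

Binds a session to the client's public IP and User-Agent at creation and
rejects later requests whose values differ, answering with one generic
error so the response does not reveal which check failed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed: addresses of reverse proxies whose X-Forwarded-For we trust
# (hypothetical value for this example).
TRUSTED_PROXIES = {"10.0.0.1"}

# Parameters bound to a session. "host" was checked in older versions and
# is intentionally absent here (removed in version 10 per the table above).
BOUND_PARAMETERS = ("public_ip", "user_agent")

# One generic message for every failure, so the caller learns nothing
# about which parameter was detected as changed.
GENERIC_ERROR = (403, "Your session could not be validated. Please sign in again.")


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed)."""
    remote_addr: str
    headers: Dict[str, str]
    session_id: Optional[str] = None


@dataclass
class SessionStore:
    """In-memory session table: session id -> bound parameter values."""
    sessions: Dict[str, Dict[str, str]] = field(default_factory=dict)


def public_ip(request: Request) -> str:
    """Resolve the client's public IP (assumed rule, see lead-in).

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
    its leftmost entry is the original client. Otherwise the peer address
    is used, so a client cannot pick its own IP by setting the header.
    """
    xff = request.headers.get("X-Forwarded-For")
    if xff and request.remote_addr in TRUSTED_PROXIES:
        return xff.split(",")[0].strip()
    return request.remote_addr


def fingerprint(request: Request) -> Dict[str, str]:
    """Collect the parameters the middleware binds to the session."""
    return {
        "public_ip": public_ip(request),
        "user_agent": request.headers.get("User-Agent", ""),
    }


def start_session(store: SessionStore, request: Request, session_id: str) -> None:
    """Create a session and record the parameters observed at login."""
    store.sessions[session_id] = fingerprint(request)


def session_hijacking_middleware(
    store: SessionStore, request: Request
) -> Tuple[Optional[Tuple[int, str]], List[str]]:
    """Return (None, []) when the request may proceed.

    Otherwise return (GENERIC_ERROR, changed) where `changed` names the
    parameters that differ from the values bound at login; that list is
    meant for the server-side log, never for the response body.
    """
    if request.session_id is None:
        return None, []  # anonymous request, nothing to check
    bound = store.sessions.get(request.session_id)
    if bound is None:
        return GENERIC_ERROR, ["unknown_session"]
    current = fingerprint(request)
    changed = [p for p in BOUND_PARAMETERS if bound[p] != current[p]]
    if changed:
        # Invalidate server-side so the session id is useless to anyone,
        # including the legitimate user, who must authenticate again.
        del store.sessions[request.session_id]
        return GENERIC_ERROR, changed
    return None, []


def demo() -> list:
    """Walk through an allowed request, a detected IP change, and the aftermath."""
    store = SessionStore()
    ua = {"User-Agent": "Mozilla/5.0 (X11)"}  # constructed sample header
    login = Request("203.0.113.10", dict(ua), "sess-1")
    start_session(store, login, "sess-1")
    results = [session_hijacking_middleware(store, login)]       # allowed
    replay = Request("198.51.100.7", dict(ua), "sess-1")          # same id, other IP
    results.append(session_hijacking_middleware(store, replay))  # rejected, dropped
    results.append(session_hijacking_middleware(store, login))   # session now gone
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Two practical notes on this design: the changed-parameter list is deliberately kept out of the HTTP response and only logged, and public IP binding is the check most likely to produce false positives for legitimate users on mobile or carrier-grade NAT networks, so it is worth monitoring the rate of these generic errors to tell genuine hijack attempts apart from address churn.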
© ITSENSE AG. All rights reserved. ITSENSE and CoreOne are registered trademarks of ITSENSE AG.