tags:

views:

10

answers:

0
Q: 

Http Sesssion is common after recreation of session

Hi ,

I have one issue related to session id, in my application i am removing all session attributes and invalidating the session, then recreate the new session and assign old values. but in this scenario always gives the same session id. The reason for doing this is that session hijack they get the old session id and hack the application, so i am invalidating the old session and recreate the new session , but gives same session id, so they are easily hacking the application.

could you please help me how to solve the session id hijacking.

related questions

How would I go about implementing this algorithm?
Website got Hacked? Site got redirected
Can a unathorized user capture a ssl packet, resend it and login?
Is there an HTTP proxy tool that can substitute browsed content?
What is the difference between DoS and Brute Force attacks?
What is the legal definition of "hacking"?
How to determine an Oracle query without access to source code?
What kind of programming method do you prefer? Success vs. Freedom
How to read source code learn how to use large system
How to increment the TTL value on Windows?
How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?
What harm can DBO do to a server?
Advice about forming Hackers Club
Is it relatively easy to hack Network Time Protocol(NTP)?
Is there a way I can retrieve sa password in sql server 2005
Reverse engineering war stories
What are some interesting, small Linux kernel projects to help learn the source?
How do I prevent replay attacks?
Can I put an ASP.Net session ID in a hidden form field?
How to store passwords in Winforms application?
What are good books about security, hacking, and computer forensics?
well written open source projects (for learning)?
Looking for a specific FireFox extension / program for Form posting
Tabbed file browsing in Windows
Found a critical bug, but the company doesn't care