Prevention of session hijacking using token and session id reset approach
International Journal of Information Technology Pub Date : 2020-05-30 , DOI: 10.1007/s41870-020-00486-w
Talwinder Singh , Meenakshi

Session hijacking is the term used to describe the theft of a user's cookies and the creation of a clone of those cookies. The attacker uses a packet sniffer to capture traffic between the user and the server and steals the cookies that contain the session information; the clone is then used to impersonate the user and act as the real user on the web. In this paper, a Token and Session id Reset Approach is proposed and implemented to prevent session hijacking by cookie cloning. The proposed technique uses the session id, a token, the client IP and browser fingerprints to authenticate the user on the web server. The token is stored at the client side in local storage and is never stored in a cookie. It has been observed that Man In The Middle, Cross Site Scripting, session fixation, cookie-stealing malware, predictable token and session id, physical data theft, and cookie cloning attacks are hard to perform against the proposed approach.

Updated: 2020-05-30