What are session hijacking attacks?
In computer science, session hijacking refers to the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
Solution:
With ASP.NET 2.0, the Forms Authentication cookie is not available to client-side script, which protects it from theft through XSS. See http://msdn.microsoft.com/en-us/netframework/aa497240.aspx
You can also mark all cookies as HttpOnly using the configuration file by adding the following element under the <system.web> configuration section:
<httpCookies httpOnlyCookies="true"/>
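One way to check that a deployed web.config actually carries this setting, as an added example that is not part of the original page. It also reports the requireSSL attribute of the same element, which the page does not mention but which covers the interception case described above. The sample configs are constructed, and the handling of <location> overrides assumes unspecified attributes are inherited from the site-wide scope.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config contents (not from the original page).
DEFAULT_CONFIG = "<configuration><system.web /></configuration>"
HARDENED_CONFIG = """<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>"""
OVERRIDDEN_CONFIG = """<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
  <location path="legacy">
    <system.web>
      <httpCookies httpOnlyCookies="false" />
    </system.web>
  </location>
</configuration>"""

ATTRS = ("httpOnlyCookies", "requireSSL")  # both default to false in ASP.NET


def audit_http_cookies(config_xml):
    """Return (scope, attribute) pairs where a cookie protection is off."""
    root = ET.fromstring(config_xml)
    findings = []
    # Site-wide scope: a missing element or attribute means the default, false.
    node = root.find("system.web/httpCookies")
    for attr in ATTRS:
        value = node.get(attr, "false") if node is not None else "false"
        if value.strip().lower() != "true":
            findings.append(("site", attr))
    # <location> overrides: unspecified attributes are treated as inherited
    # (assumption), so only an explicit non-true value is reported.
    for loc in root.iter("location"):
        node = loc.find("system.web/httpCookies")
        if node is None:
            continue
        for attr in ATTRS:
            value = node.get(attr)
            if value is not None and value.strip().lower() != "true":
                findings.append((loc.get("path", ""), attr))
    return findings


if __name__ == "__main__":
    for name in ("DEFAULT_CONFIG", "HARDENED_CONFIG", "OVERRIDDEN_CONFIG"):
        print(name, audit_http_cookies(globals()[name]))
```

The third sample shows the case worth watching for: a site-wide setting that a per-path override quietly turns back off.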