
I have developed a web application in Java Spring Boot. After logging in to the web application, JSESSIONID is stored in the browser cookies. Now, when I copy this cookie's details from my current browser and create the same cookie in some other browser, I'm able to log in to the system without being asked to log in.

Please let me know how we can prevent this session hijacking threat. Is there anything I need to do at the application level or at the server level?

Sushil
  • If the user decides to copy their cookies to another computer, there is nothing much to easily do about it. You can of course obfuscate things a bit, but they are a bit like keys to the application; once you give them out, it's hard to really disallow someone from copying them. – Joachim Isaksson Oct 05 '21 at 04:54
  • @JoachimIsaksson Thanks for your quick response, so basically this is not a threat? – Sushil Oct 07 '21 at 08:11
