Enhancing Session Security on Browser with Disposable Credentials using OTC

Niki Modi
2020 International Journal for Research in Applied Science and Engineering Technology  
Many web applications are vulnerable to session hijacking attacks due to the insecure use of cookies for session management. The most recommended defense against this threat is to completely replace HTTP with HTTPS. However, this approach presents several challenges (e.g., performance and compatibility concerns) and therefore has not been widely adopted. This paper presents "One-Time Cookies" (OTC), an HTTP session authentication protocol for improving session hijacking features, easy to deploy and resistant to session hijacking. OTC's security relies on the use of disposable credentials based on a modified browser's name. Experiments demonstrate the ability to maintain session integrity with a throughput improvement over HTTPS and a performance approximately similar to a cookie-based approach. Here I have created a web configuration page; based on that, it will fetch the IP address. After that, based on each session, an OTC will be generated. In doing so, I demonstrate that one-time cookies can significantly improve the security of web sessions with minimal changes to current infrastructure and browser page.
doi:10.22214/ijraset.2020.31099 fatcat:76sv25o5d5gchewmdgv6fh65ge