ADOPTION OF SECURE SESSION MANAGEMENT IN MULTI-DEVICE APPLICATIONS FOR MITIGATING SESSION HIJACKING AND REPLAY ATTACKS THROUGH TOKEN ROTATION AND EXPIRY CONTROLS

Authors

  • Rohit Ahuja, Vice President, Software Engineering, J.P. Morgan Chase, 575 Washington Blvd, Jersey City, U.S.

DOI:

https://doi.org/10.29121/JISSI.v2.i1.2026.49

Keywords:

Session Management, Token Rotation, Expiry Controls, Session Hijacking, Replay Attacks, Multi-Device Applications, Cybersecurity Adoption, Authentication Security

Abstract

In multi-device ecosystems, secure session management is a critical control for protecting user sessions against hijacking and replay attacks. This study investigates the adoption of token rotation and expiry controls in multi-device applications, using a mixed-methods approach that combines a survey of 500 developers with simulated attacks on 1,000 sessions. Key findings are an average adoption rate of 78% for expiry controls and 75% for token rotation; implementing both together reduced successful hijacking by 89% and successful replay by 92%. Adoption is higher in finance (88%) than in social media (67%). The research identifies implementation complexity and legacy-system integration as the main barriers and proposes a replicable framework for adoption. These results support token-based mitigations in the cybersecurity literature and offer practical guidance for developers, emphasising proactive expiry and rotation policies to strengthen multi-device resilience. The study argues that widespread adoption could avert billions in annual breach costs.
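
The abstract names the two controls the study measures, token rotation and expiry, without showing how they combine to stop a replayed token. The following is an added illustration written for this page, not the paper's framework or any code from the author: a minimal server-side session store in which every refresh token is single-use, a rotated-out token presented again is treated as a replay and revokes that device's whole session family (the reuse-detection pattern used in OAuth 2.0 refresh-token rotation), and each family also carries an idle timeout and an absolute lifetime. The policy values, the user and device names, and the injected clock are assumptions made for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Policy values are assumptions for this example, not figures reported by the paper.
IDLE_TIMEOUT = 15 * 60          # seconds a token may go unused before it expires
ABSOLUTE_LIFETIME = 8 * 3600    # seconds after login before re-authentication is forced


def fingerprint(token: str) -> str:
    """The store keeps only a SHA-256 of each token, so a leaked store cannot be replayed."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class Family:
    """One login on one device; every token rotated for that login shares this family."""
    user: str
    device: str
    created_at: float                              # start of the absolute lifetime
    issued_at: float                               # when the live token was issued (idle clock)
    retired: set = field(default_factory=set)      # fingerprints of tokens already rotated out
    revoked: bool = False


class SessionStore:
    def __init__(self, clock):
        self._clock = clock          # injectable time source so the scenario is deterministic
        self._families = {}          # family id -> Family
        self._index = {}             # token fingerprint -> family id (live and retired tokens)

    def _issue(self, fam_id: str) -> str:
        token = secrets.token_urlsafe(32)          # 256 bits of entropy; never stored in clear
        self._index[fingerprint(token)] = fam_id
        self._families[fam_id].issued_at = self._clock()
        return token

    def login(self, user: str, device: str) -> str:
        """Open a new family for this device; the user's other devices are untouched."""
        fam_id = secrets.token_hex(8)
        now = self._clock()
        self._families[fam_id] = Family(user, device, created_at=now, issued_at=now)
        return self._issue(fam_id)

    def rotate(self, token: str):
        """Consume `token` and return (status, new_token_or_None).

        'replay' means a token that was already rotated out was presented again: two
        parties now hold tokens of the same family, so the whole family is revoked and
        both the attacker and the legitimate holder must log in again.
        """
        fp = fingerprint(token)
        fam_id = self._index.get(fp)
        if fam_id is None:
            return "unknown", None
        fam = self._families[fam_id]
        if fam.revoked:
            return "revoked", None
        if fp in fam.retired:
            fam.revoked = True
            return "replay", None
        now = self._clock()
        if now - fam.created_at > ABSOLUTE_LIFETIME or now - fam.issued_at > IDLE_TIMEOUT:
            fam.revoked = True
            return "expired", None
        fam.retired.add(fp)                        # single use: this token is now dead
        return "ok", self._issue(fam_id)

    def active_devices(self, user: str):
        return sorted(f.device for f in self._families.values()
                      if f.user == user and not f.revoked)


def demo():
    """Walk a constructed multi-device scenario and return the observed statuses."""
    t = [1_700_000_000.0]                          # constructed clock, in seconds
    store = SessionStore(lambda: t[0])
    phone = store.login("alice", "phone")
    laptop = store.login("alice", "laptop")

    rotate, phone2 = store.rotate(phone)           # normal use: old token consumed, new one issued
    replay, _ = store.rotate(phone)                # a stolen copy of the old token is replayed
    victim, _ = store.rotate(phone2)               # the victim's fresh token is dead as well
    other, laptop2 = store.rotate(laptop)          # the laptop family is unaffected
    devices = store.active_devices("alice")

    t[0] += IDLE_TIMEOUT + 1                       # laptop sits idle past the idle timeout
    idle, _ = store.rotate(laptop2)

    tv = store.login("alice", "tv")                # a device that never goes idle ...
    start = t[0]
    while True:
        t[0] += 600                                # ... rotating every 10 minutes ...
        absolute, tv = store.rotate(tv)
        if absolute != "ok":
            break                                  # ... still hits the absolute lifetime
    return {"rotate": rotate, "replay": replay, "victim": victim, "other_device": other,
            "devices_after_replay": devices, "idle": idle, "unknown": store.rotate("bogus")[0],
            "absolute": absolute, "lived": t[0] - start}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

In a deployment the two dictionaries would be a database keyed by the token hash, the short-lived access token would be issued alongside each refresh token, and the replay branch is the place to emit a security event, since it is direct evidence that a token left the device it was issued to.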

Published

2026-03-31

How to Cite

ADOPTION OF SECURE SESSION MANAGEMENT IN MULTI-DEVICE APPLICATIONS FOR MITIGATING SESSION HIJACKING AND REPLAY ATTACKS THROUGH TOKEN ROTATION AND EXPIRY CONTROLS. (2026). Journal of Integrative Science and Societal Impact, 2(1), 101-108. https://doi.org/10.29121/JISSI.v2.i1.2026.49