Can session value be hacked?

Backend · unresolved · 7 answers · 1549 views
青春惊慌失措 2020-12-05 19:05

When I left a site without logging out, the next time I browsed that site I found I was still logged in there. How does that server restore the session value for my browser? Is there

7 answers
生来不讨喜
    2020-12-05 19:26

    As others have noted, this is the cookie on your machine.

    The way to "hack" it would be to gain access to your machine and then take a copy of the cookie. Or take a copy of the cookie while it is being sent to the browser.

    To guard against this you could:

    • Send the cookie to the client over https.
    • Do not store the cookie on disk (a cookie without a timeout will be stored in memory).

    Locking a session to a single IP address can cause problems if your users are coming from a network with 2 proxy servers.
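    The mechanism the answer describes, as an added example that is not part of the original thread: the browser only holds an opaque random id, the server keeps the real session data in its own table and restores it on the next request by looking the id up. The `Set-Cookie` header carries no `Expires`/`Max-Age` (so the browser keeps it in memory rather than on disk) plus `Secure` (https only) and `HttpOnly`. The cookie name `sid`, `SessionStore` and the two helper functions are hypothetical names chosen for this example.

```python
import secrets
from http import cookies

SESSION_COOKIE = "sid"  # hypothetical cookie name used by this example


class SessionStore:
    """Server-side table: opaque random id -> session data.
    The browser never sees the data, only the id."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
        self._sessions[sid] = {"user": user}
        return sid

    def lookup(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        # Logging out on the server side: the cookie value becomes worthless
        # even if a copy of it was taken.
        self._sessions.pop(sid, None)


def login_set_cookie_header(store, user):
    """Value of the Set-Cookie header sent after a successful login.
    No Expires/Max-Age -> session cookie kept in browser memory,
    Secure -> only sent over https, HttpOnly -> not readable by page scripts."""
    sid = store.create(user)
    c = cookies.SimpleCookie()
    c[SESSION_COOKIE] = sid
    c[SESSION_COOKIE]["secure"] = True
    c[SESSION_COOKIE]["httponly"] = True
    c[SESSION_COOKIE]["samesite"] = "Lax"
    c[SESSION_COOKIE]["path"] = "/"
    return c.output(header="").strip()


def user_from_cookie_header(store, cookie_header):
    """What the server does on the next visit: parse the request's Cookie
    header, pull out the id and restore the session from its own table.
    Returns the user name, or None if there is no valid session."""
    c = cookies.SimpleCookie()
    c.load(cookie_header or "")
    morsel = c.get(SESSION_COOKIE)
    if morsel is None:
        return None
    session = store.lookup(morsel.value)
    return session["user"] if session else None
```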
