2. Limit which applications can use the cookie. Configure the cookie so that its scope is as narrow as possible; at a minimum, restrict it to the trusted systems that need it. Ideally, only trusted domains and specific servers should be allowed to receive the cookie, and the path option should be configured so that only specific applications can access it.
3. Restrict cookies to HTTPS only (the cookie's Secure attribute). You can also use the HttpOnly flag, which tells the browser to send the cookie to the server only as part of HTTP/HTTPS requests; this prevents an attacker from reading the cookie through JavaScript.
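The following Python script is an added example, not code from the original article. It emits a session cookie with the Domain, Path, Secure and HttpOnly attributes recommended above, and audits raw Set-Cookie header values for the protections they lack. It uses only the standard library; the cookie name, domain and sample headers are constructed for illustration.

```python
"""Added example, not from the original article: emit a session cookie with the
Domain, Path, Secure and HttpOnly attributes recommended above, and audit raw
Set-Cookie headers for the protections they lack. Standard library only;
the cookie name, domain and sample headers below are constructed."""
from http.cookies import SimpleCookie

# Attributes the article asks for on a session cookie (lower-case for matching).
REQUIRED = ("domain", "path", "secure", "httponly")


def build_session_cookie(name, value, domain, path="/"):
    """Return a Set-Cookie header value with the cookie scoped and flagged.

    Domain and Path limit which hosts and application paths receive the
    cookie; Secure keeps it off plaintext HTTP, where a passive sniffer can
    read it; HttpOnly keeps page script (document.cookie) from reading it.
    """
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["domain"] = domain
    morsel["path"] = path
    morsel["secure"] = True
    morsel["httponly"] = True
    # Renders e.g. "sid=...; Domain=app.example.com; HttpOnly; Path=/app; Secure"
    return morsel.OutputString()


def audit_set_cookie(header_value):
    """Return the sorted list of REQUIRED attributes missing from a header value."""
    parts = [p.strip() for p in header_value.split(";")]
    present = set()
    for part in parts[1:]:  # parts[0] is the name=value pair itself
        attr_name = part.partition("=")[0].strip().lower()
        if attr_name:
            present.add(attr_name)
    return sorted(a for a in REQUIRED if a not in present)


# Constructed sample headers, as a server might send them (not real captures).
SAMPLE_HEADERS = [
    "sid=4f9a1c; Path=/",                                  # no Domain, Secure or HttpOnly
    "sid=4f9a1c; Domain=app.example.com; Path=/; Secure",  # script can still read it
    build_session_cookie("sid", "4f9a1c", "app.example.com", "/app"),
]


def audit_all(headers):
    """Map each header value to the list of protections it is missing."""
    return {h: audit_set_cookie(h) for h in headers}


if __name__ == "__main__":
    for header, missing in audit_all(SAMPLE_HEADERS).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{status:40} <- {header}")
```

Run it as a script to see which of the sample headers would leave a session exposed to a sniffer or to script; the audit function can equally be pointed at headers captured from a proxy log.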
If you are an end user, you may not be able to control how cookies are configured, but you can choose from a few measures:
1. Limit your use of websites that do not offer an HTTPS connection.
2. Connect through a VPN. If you are online in a risky location and worry that an eavesdropper may carry out a session hijacking attack, try connecting to your workplace VPN (virtual private network) and use that connection to encrypt your network traffic.
Conclusion
The threat Firesheep represents is not just that of one piece of software: it exposes a fundamental hole in the way web applications manage sessions. Although some temporary solutions can help enterprises limit the short-term damage caused by such tools, the web application community needs to work together to develop long-term solutions to session hijacking attacks. Otherwise, when the next hacker tool appears, we will still be vulnerable.