Hi Support,
I want to save the UserId and SessionID. When the user logs into the application with the same URL in another browser then I need to validate that the SessionID is not the same when logging into the application in another browser.
I tried saving the SessionID in sessions but when the user logs in to the application from another browser the session gets null so I couldn't validate it from the current SessionId.
The same happened with the cookies as well.
Problem Remediation:
"User cookies should be validated during login to the application and if there is an existing session with the same cookie, then try to assign a new session cookie and Validate the user credential again."
https://owasp.org/www-community/attacks/Session_hijacking_attack
Please suggest a solution.