Preventing Authentication Bypass with SessionID

What is SessionID?
SessionID is a unique ID for checking the authentication of a logged on user. Based on the SessionID the Server responds to a browser. And the Session Hijacking involves, accessing the random sessionID based on user input. This sessionID is being used for both the Web and Mobile applications. Authentication Bypass places a major stack in application vulnerability.

Possible hybrid strings from user input.
username+string
password+string
username+password
username+date+string

Here, ‘+’ is used to concatenate two different strings.

The following code could be helpful in order to crosscheck the severity based on the SessionID.

class SessionProgram
{
static string randomString(int length)
{
const string validChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789”  //This is the value for defining the string

                                stringBuilder res = new StringBuilder();           // Creating Null Object
Random rnd = new Random();
while (0 < length --)
{
res.Append(validChars[rnd.Next(validChars.Length)]);
}
}             //End of randomString()

                static void Main(string[] args)
{
int length = Console.Read();
string usedCase = Console.ReadLine();      // Get string from user
string hybridPass = randomString(length);
Console.WriteLine(hybridPass +usedCase);
}

}

This is a program based on C#. In order to try this code, import the following modules and define this whole SessionProgram class under a Namespace.using System;

using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

This payload can be used to get sample permutations of various username/password and random strings. The same can be modified for a set of used cases only. Edit the constant string ‘validChars’ with a frequently used parameter value.

**This is for educational purposes only.**