Sub-session hijacking on the web: Root causes and prevention