Sub-session hijacking is a nasty attack that was not properly understood. If you are interested in the topic, read our JCS paper, where we discuss how to fix its root causes and propose a defense mechanism based on server-side security monitoring.
Proud to be part of the program committee of the next USENIX Security Symposium! Please consider submitting your best security and privacy work there; see the call for papers on the conference website. Recall that USENIX Security is moving to a rolling deadline model, with four submission cycles per year.