Sub-session hijacking is a nasty attack, which was not properly understood. If you are interested in the topic, read our JCS paper, where we discuss how to fix its root causes and we propose a defense mechanism based on server-side security monitoring.