John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong.
In the context of Session hijacking why would you consider this as a false sense of security?
A.
The token based security cannot be easily defeated.
B.
The connection can be taken over after authentication.
C.
A token is not considered strong authentication.
D.
Token security is not widely used in the industry.
Explanation:
A token will give you a more secure authentication, but the tokens will not help against attacks that are directed against you after you have been authenticated.