In our application we have 3 layers/managers. Each of them having different roles. According to there role Each of them have some different as well as common priveleges.
But due to same session variable name they can access each others privelegs by session hijacking .
Please suggest to avoid this session hijacking
Are you saying they are sharing info in the session?
That doesn't make any sense. Each session is isolated from the others.
So you might need to explain in greater detail what you are talking about.