John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. In the context of Session hijacking why would you consider this as a false sense of security?
A.
The token based security cannot be easily defeated.
B.
The connection can be taken over after authentication.
C.
A token is not considered strong authentication.
D.
Token security is not widely used in the industry.
I have the same idea.