Regular and frequent use of web applications is introducing a range of security issues. Cross-site scripting (XSS) is one of them. Cross-site scripting is an attack carried out via a browser-side scripting language (generally JavaScript). Active sessions are a frequent target of XSS attacks. The target can be anything, from your Facebook password to a bank-account login session. A session is the mechanism web applications use to track whether the logged-in user is authenticated. In every session, the session cookie contains a string known as the session token, which is stored in the user's browser and sent to the web server every time the user makes a request. It is only by means of these cookies that the user is authenticated once logged in. If active session cookies are stolen by an attacker, he may perform any action as the user, and the site will not easily be able to tell the difference. Attackers do so by including malicious code in the application's output. In this research paper, we present a solution to secure these active sessions.