Many webmasters rely on web frameworks to generate safe, strong session IDs.

How might a web framework prevent session hijacking?

Prevent reuse of session IDsDeactivate session IDs after 20 minutesChange session IDs after each requestEliminate the need for session IDs

Yep! Modern web frameworks will do these things to prevent your hijacking attempts.

Don't you think that modern web frameworks can do many of these things?