Security in web based session management is a serious concern, due to the recent increase in the frequency and complexity of cyber attacks. Traditionally most of the system are based on the pairs of username and password which verify the identification of the user only at the login phase. Once the user can be identified, no checks are performed during the working sessions, which are terminated by an explicit logouts or expire after an idle activity period of the user. In this approach a single shot of verification is less efficient and the user identity is permanent during the entire session. To overcome this aspect, a secure protocol authentication is used for continuous user verification. This protocol makes adaptive time outs and periodically request the user to input his authentication attributes over and over. For this adaptive method, CASHAMA authentication system is used which provides different verification methods such as Keystroke timing, Mathematical event and CASHMA certificate. The use of this CASHMA system will provide secure web service and prevent the loss of data.