I have developed a solution that overcomes the risks of hijecking sessions using for example broken SSL or stealing JWT token by encrypting a line in every request differently using session key that is copied and pasted once on every browser which send via the Email.
Does anyone here need such thing? I want to offer it to newbies who hesitate from the cloud bills, using my own cloud and small could fee. I don’t have a prototype yet but considering to make one. Are you guys with me? Do you want one?
It sounds like you enter your email and then you'd get an email with the session key. You mention copy/paste, why not use a URL with the key embedded (typically after a # as this part stays on the client)?
I think you'll need to send Javascript down to the client to perform the encryption. That code needs access to the session key. Unfortunately, if the SSL session is invalid (like a MITM attack using a self-signed cert) then the attacker can inject their own Javascript to steal your session key.
Is the session key stored in local storage? Is anything protecting it there? I think, similar to a JWT, it can be stolen.
This is unfortunately a hard problem you're trying to solve.