๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is Session Hijacking?

An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.

Session hijacking occurs when an attacker obtains a valid session ID and uses it to impersonate the legitimate user. Attack vectors include network sniffing (intercepting unencrypted session cookies), XSS (JavaScript stealing cookies), session fixation (forcing a known session ID on the victim), and predicting weak session IDs. Prevention measures include HTTPS everywhere (encrypting cookies in transit), HttpOnly flag (preventing JavaScript access), Secure flag (cookies sent only over HTTPS), SameSite attribute (preventing CSRF), session regeneration after login, binding sessions to IP/user-agent, setting short session timeouts, and using cryptographically random session IDs.

Related Terms

SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
View All Security Terms โ†’