๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is Session Hijacking?

An attack in which an adversary takes over a legitimate user's authenticated session by stealing, guessing, or pre-planting (fixating) the session identifier and presenting it as their own.

Session hijacking occurs when an attacker obtains a valid session ID and presents it to the application, which then treats the attacker as the legitimate user. No password is needed, because after login the session ID stands in for authentication. Common attack vectors include network sniffing (capturing session cookies sent over unencrypted HTTP), cross-site scripting (injected JavaScript reading document.cookie and exfiltrating it), session fixation (planting a known session ID in the victim's browser before login so that the attacker holds a valid authenticated ID afterwards), and guessing session IDs that are short or derived from predictable values such as timestamps, counters, or user IDs.

Prevention is layered, with each control addressing a specific vector: HTTPS everywhere (no cookie ever travels in cleartext, defeating sniffing); the HttpOnly cookie flag (scripts cannot read the cookie, blunting XSS theft); the Secure flag (the browser only sends the cookie over HTTPS); the SameSite attribute (limits cross-site requests carrying the cookie, which is primarily a CSRF defence rather than a hijacking defence); regenerating the session ID at login and at any other privilege change (the direct fix for fixation, since the planted ID is discarded); short idle and absolute session timeouts together with server-side invalidation on logout (shrinks the window in which a stolen ID is useful); and session IDs drawn from a cryptographically secure random generator with at least 128 bits of entropy (makes guessing infeasible). Binding a session to the client IP address or User-Agent is often listed as well; treat it as a weak supplementary signal rather than a control, because IP addresses legitimately change on mobile networks and behind NAT, and a User-Agent string is trivially copied by the attacker along with the cookie.

Related Terms

SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
Certificate Pinning
A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.