๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is Session Hijacking?

An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.

Session hijacking occurs when an attacker obtains a valid session ID and uses it to impersonate the legitimate user. Attack vectors include network sniffing (intercepting unencrypted session cookies), XSS (JavaScript stealing cookies), session fixation (forcing a known session ID on the victim), and predicting weak session IDs. Prevention measures include HTTPS everywhere (encrypting cookies in transit), HttpOnly flag (preventing JavaScript access), Secure flag (cookies sent only over HTTPS), SameSite attribute (preventing CSRF), session regeneration after login, binding sessions to IP/user-agent, setting short session timeouts, and using cryptographically random session IDs.

Related Terms

Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Hashing
A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
View All Security Terms โ†’