Session hijacking

Session hijacking occurs when an attacker takes over a valid session between two computers. The attacker steals a valid session ID and presents it as their own in order to impersonate the user, gain access to the system and read its data. Most authentication occurs only at the start of a session, so whoever holds the session identifier afterwards is treated as the authenticated party. In TCP session hijacking, an attacker gains access by taking over a TCP session between two machines in mid-session.

Session hijacking is made possible by:

- no account lockout for invalid session IDs, so an attacker can guess IDs at will
- a weak session-ID generation algorithm (predictable or low-entropy values)
- insecure handling of the session ID on the client or server
- an indefinite session expiration time, so a stolen ID stays valid
- short session IDs that can be brute-forced
- transmission of the session ID in plain text

Session hijacking process

1. Sniff: perform a man-in-the-middle (MITM) attack, placing yourself between the victim and the server.
2. Monitor the packets flowing between the server and the user.
3. Break the victim machine's connection.
4. Take control of the session.
5. Inject new packets to the server using the victim's session ID.

Protection against session hijacking

- create a secure communication channel with SSH (Secure Shell)
- pass authentication cookies only over an HTTPS connection
- implement logout functionality so the user can end the session, and invalidate the session on the server when they do
- generate a new session ID after successful login, so an ID known to an attacker before login is never promoted to an authenticated one
- pass only encrypted data between the users and the web server
- use a long, unpredictable random value as the session key, rather than a sequential or guessable one

Learn more

General knowledge on Wikipedia: Session hijacking

Credits
Source: https://developer.mozilla.org/en-US/docs/Glossary/Session_hijacking
Published under the Creative Commons Attribution-ShareAlike 3.0 license.