occurs when an attacker takes over a valid session between two computers. The attacker steals a valid session ID in order to break into the system and snoop data. Session hijacking Most authentication occurs only at the start of a session. In TCP session hijacking, an attacker gains access by taking over a TCP session between two machines in mid session. TCP Session hijacking occurs because no account lockout for invalid session IDs weak session-ID generation algorithm insecure handling indefinite session expiration time short session IDs transmission in plain text Session hijacking process , that is perform a man-in-the-middle (MITM) attack, place yourself between victim and server. Sniff packets flowing between server and user. Monitor the victim machine's connection. Break of the session. Take control new packets to the server using the Victim's Session ID. Inject Protection against session hijacking create a secure communication channel with SSH (secure shell) pass authentication cookies over HTTPS connection implement logout functionality so the user can end the session generate the session ID after successful login pass encrypted data between the users and the web server use a string or long random number as a session key Learn more General knowledge on Wikipedia Session hijacking View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Preflight request Public-key cryptography Reporting directive Robots.txt Same-origin policy SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/Session_hijacking Published under license Open CC Attribution ShareAlike 3.0

Mozilla

Glossary of Security Terms: SQL Injection

Glossary of Security Terms: Same-Origin Policy

Read My Stories

Too Long; Didn't Read

Make resilience your competitive advantage

Glossary of Security Terms: Session Hijacking

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

A Quick Introduction to the Resize Observer API

10 VSCode Extensions To Make Your Life Easier

10 Ways Stand Out as a Java Developer and Land that Dream Job

10 Tips For Junior Developers To Succeed in Code

10 Things Every Beginner Should Know When Learning Javascript And React

A Quick Introduction to the Resize Observer API

10 VSCode Extensions To Make Your Life Easier

10 Ways Stand Out as a Java Developer and Land that Dream Job

10 Tips For Junior Developers To Succeed in Code

10 Things Every Beginner Should Know When Learning Javascript And React

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps