Session hijacking
Session hijacking is the unauthorized takeover of a user session, allowing an attacker to impersonate a legitimate user and gain access to the same resources and privileges. It typically centers on obtaining a valid session token, such as a session identifier stored in a cookie or transmitted in a URL, and using that token to continue an ongoing authenticated session.
Attackers can obtain tokens through several vectors. Eavesdropping on unsecured networks can reveal cookies (sidejacking). Malware
The impact of session hijacking ranges from unauthorized access to personal data, to account takeovers and
Defense and prevention focus on protecting session tokens and tightening session management. Transport layer security (HTTPS)
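As an added illustration (not part of the original page), the following check audits a server's own responses for the exposures described above: a session identifier carried in a URL, a token sent over plaintext HTTP, and a session cookie set without the standard `Secure` or `HttpOnly` attributes. The list of session parameter names, the finding labels, and the sample responses are assumptions constructed for this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed names that commonly carry a session identifier; adjust per application.
SESSION_NAMES = {"sessionid", "session", "sid", "phpsessid", "jsessionid"}

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lower-cased attribute names)."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0].strip()
    return name, {a.split("=", 1)[0].strip().lower() for a in attrs if a}

def audit_response(url, set_cookie_headers):
    """Return a list of findings on how a response exposes session tokens."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        # Without TLS, cookies and URLs are readable by a network eavesdropper.
        findings.append("plaintext-transport")
    # Token in the query string, or as a ;jsessionid=... path parameter.
    url_names = [k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    url_names += [seg.split("=", 1)[0].lower() for seg in parts.path.split(";")[1:]]
    for n in url_names:
        if n in SESSION_NAMES:
            findings.append(f"token-in-url:{n}")
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name.lower() not in SESSION_NAMES:
            continue  # not a session cookie under the assumed name list
        if "secure" not in attrs:
            findings.append(f"cookie-missing-secure:{name}")
        if "httponly" not in attrs:
            findings.append(f"cookie-missing-httponly:{name}")
    return findings

# Constructed sample responses (not captured traffic).
WEAK = ("http://shop.example/cart;jsessionid=abc123?item=4",
        ["JSESSIONID=abc123; Path=/"])
HARDENED = ("https://shop.example/cart?item=4",
            ["JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
             "theme=dark; Path=/"])

if __name__ == "__main__":
    for label, (url, cookies) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(url, cookies))
```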