Session Hijacking

Definition - What does Session Hijacking mean?

Session hijacking occurs when a session token is sent to a client browser from the Web server following the successful authentication of a client logon. A session hijacking attack works by compromising the token, either by stealing it or by guessing what an authentic session token will be, thus acquiring unauthorized access to the Web server. This can result in session sniffing, man-in-the-middle or man-in-the-browser attacks, Trojans, or even implementation of malicious JavaScript code.

Web developers are especially wary of session hijacking because the HTTP cookies that are used to sustain a website session can be stolen by an attacker.

Techopedia explains Session Hijacking

In the early days, the HTTP protocol didn’t support cookies and therefore Web servers and browsers did not contain HTTP protocol. The evolution of session hijacking began in 2000 when HTTP 1.0 servers were implemented. HTTP 1.1 has been modified and modernized to support super cookies, which has resulted in Web servers and Web browsers becoming more vulnerable to session hijacking.

Web developers can use certain techniques to help avoid session hijacking of their sites, including encryption methods and using long, random numbers for the session keys. Other solutions are to change cookie value requests and to regenerate the session after login. Firesheep, a Firefox extension, has enabled public user session hijacking attacks by permitting access to personal cookies. Social network websites such as Twitter and Facebook are also vulnerable when users add them to their preferences.
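The mitigations named above (long random session keys, regeneration after login, cookies sent only over encrypted connections) can be sketched as follows. This is an added example, not code from the original page; `SessionStore`, `session_cookie` and the cookie name `sid` are hypothetical, and the `HttpOnly` and `SameSite` attributes are additions beyond what the page lists.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session store (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}

    def create(self, data=None):
        # 32 bytes (256 bits) from the OS CSPRNG: infeasible to guess.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        # Unknown, expired or invalidated IDs return None.
        return self._sessions.get(sid)

    def regenerate(self, old_sid):
        # Invalidate the old ID and move its data to a fresh one.
        data = self._sessions.pop(old_sid, None)
        if data is None:
            raise KeyError("unknown or expired session")
        return self.create(data)

    def login(self, pre_auth_sid, user):
        # Regenerate on authentication so a token captured or planted
        # before login never becomes an authenticated session.
        new_sid = self.regenerate(pre_auth_sid)
        self._sessions[new_sid]["user"] = user
        return new_sid


def session_cookie(sid):
    """Build the Set-Cookie value with hardening attributes."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True        # sent only over HTTPS
    cookie["sid"]["httponly"] = True      # not readable from JavaScript
    cookie["sid"]["samesite"] = "Strict"  # not sent on cross-site requests
    return cookie["sid"].OutputString()
```

A token sniffed before login is useless after `login()` returns, because the old ID no longer resolves to a session.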
