Session Hijacking


A Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed by a session token. Because HTTP communication uses many different TCP connections, the web server needs a method to recognize the connections of every user. The most common method uses a token that the web server sends to the client browser after a successful client authentication. A session token is normally a string of variable width, and it can be carried in different ways: in the URL, in the header of the HTTP request as a cookie, in other parts of the HTTP request header, or in the body of the HTTP request.

The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server. The session token can be compromised in different ways; the most common are client-side attacks (XSS, malicious JavaScript code, Trojans, etc.) and man-in-the-middle attacks.
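As an added example, not part of the original page, the following minimal server-side session store in Python shows the mitigations that address the theft and prediction vectors described above: tokens drawn from the OS cryptographic random generator so they cannot be guessed, rotation at login so a token planted before authentication is useless, idle expiry to shorten the window for a stolen token, and cookie attributes that keep the token away from page scripts (XSS) and off plaintext connections (man-in-the-middle). The class, function and attribute names are assumptions for illustration.

```python
import secrets
import time

TOKEN_BYTES = 32          # 256 bits of randomness: a token nobody can predict
IDLE_TIMEOUT = 15 * 60    # seconds of inactivity after which a session dies


class SessionStore:
    """In-memory session store (assumed design); a real deployment
    would back this with a shared store such as a database or cache."""

    def __init__(self, now=time.time):
        self._sessions = {}   # token -> {"user": str, "last_seen": float}
        self._now = now       # injectable clock, so expiry can be tested

    def create(self, user):
        """Issue a fresh, unpredictable token bound to `user`."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._sessions[token] = {"user": user, "last_seen": self._now()}
        return token

    def lookup(self, token):
        """Return the user for a live token, or None. Expired or unknown
        tokens are rejected, and expired entries are purged."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if self._now() - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return None
        entry["last_seen"] = self._now()
        return entry["user"]

    def rotate(self, old_token, user):
        """Called at successful login: discard whatever token the client
        presented (it may have been planted by an attacker) and issue a new one."""
        self._sessions.pop(old_token, None)
        return self.create(user)

    def destroy(self, token):
        """Logout: invalidate the token server-side, not just in the browser."""
        self._sessions.pop(token, None)


def set_cookie_header(token):
    """Set-Cookie value: HttpOnly denies the token to page scripts, Secure
    keeps it off plaintext HTTP, SameSite limits cross-site sending."""
    return (f"session={token}; Path=/; HttpOnly; Secure; SameSite=Lax; "
            f"Max-Age={IDLE_TIMEOUT}")
```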

See also: Cross-site scripting (XSS)