Session Hijacking
Session hijacking poses a significant risk to the security of online accounts. Understanding what session hijacking is, the dangers it carries, and the measures that prevent it can help you safeguard your web sessions before any harm is done.
What Is Session Hijacking?
Session hijacking refers to the act of an attacker taking control of a legitimate user session. This generally involves the theft or guessing of a session identifier (such as a cookie, URL parameter, or API token), allowing the attacker to masquerade as the authenticated user. By circumventing the login procedure, the perpetrator gains access to the victim's privileges, effectively commandeering the session after the user has already authenticated. This is distinct from simple credential theft, as the attacker leverages an already authenticated session rather than logging in independently.
Key Features of Session Hijacking
- Session Token / Cookie Theft: Attackers may capture session cookies or tokens over insecure networks (such as public Wi-Fi), through cross-site scripting (XSS) attacks, or via malware infections.
- Session Fixation & Prediction: The attacker either plants or predicts a valid session ID before the victim logs in, then takes over the session once the user authenticates.
- Man-in-the-Middle (MITM) Attacks: On connections that are either unencrypted or inadequately encrypted, hijackers can intercept session identifiers.
- Replay Attacks: An attacker may reuse a previously legitimate session token without needing to re-authenticate.
- Session Privilege Abuse: Once they gain access, attackers can exploit the victim's privileges to alter settings, access sensitive information, or perform unauthorized transactions.
- Weak Session Expiry or Logout: Sessions that have no fixed expiration time, or that are not invalidated on the server when the user logs out, remain usable by anyone holding the identifier and so are more likely to be compromised.
Common Use Cases of Session Hijacking
- E-commerce Platforms: If a user remains logged in, an attacker can take over the session to place orders or access payment details.
- Web Applications with Extended Sessions: Services that maintain active sessions over prolonged periods are particularly at risk.
- API-centric Services / Mobile Applications: The reuse of tokens and inadequate protection of session tokens (such as storing them in local storage instead of HttpOnly cookies) can facilitate hijacking.
- Advertising & Account Management Systems: Platforms managing multiple sessions or user profiles rely heavily on secure session isolation and token management.
- Corporate Networks / Remote Access: When remote sessions are not subject to stringent session oversight, attackers can hijack them and use them to move laterally within the network.
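The defensive counterpart to the mechanisms listed above (fixation, weak expiry or logout, and cookie theft via XSS or an unencrypted channel, plus the HttpOnly point under API-centric services) can be shown in one small server-side session store. The following is an added example written for this page, not code from the original article; the SessionStore class, its timeouts and the cookie helper are hypothetical and use an in-memory dictionary for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity after which a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on lifetime, regardless of activity

class SessionStore:
    """In-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}  # session id -> {"user", "created", "last_seen"}

    def create(self, user=None):
        # 256-bit random id from a CSPRNG: cannot be guessed or predicted.
        sid = secrets.token_urlsafe(32)
        now = self.clock()
        self.sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def login(self, old_sid, user):
        # Defeats session fixation: the pre-login id (which an attacker may
        # have planted or learned) is discarded and a fresh one is issued.
        self.sessions.pop(old_sid, None)
        return self.create(user)

    def lookup(self, sid):
        # Returns the live session record, or None if the id is unknown,
        # idle too long, or past the absolute cap (expired ones are purged).
        s = self.sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > ABSOLUTE_TIMEOUT:
            del self.sessions[sid]
            return None
        s["last_seen"] = now
        return s

    def logout(self, sid):
        # Server-side invalidation: a stolen id is useless after logout, which
        # merely clearing the cookie in the browser would not guarantee.
        return self.sessions.pop(sid, None) is not None

def session_cookie(sid):
    # HttpOnly: scripts (e.g. injected via XSS) cannot read the id.
    # Secure: never sent over plaintext HTTP, where a MITM could capture it.
    # SameSite=Strict: not attached to cross-site requests.
    return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age={IDLE_TIMEOUT}"
```

Storing the identifier only in this cookie, rather than in local storage, is what keeps it out of reach of injected scripts.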