What is session hijacking?

Session hijacking is an attack in which a malicious actor takes over a user's active session, and with it the user's personal information.

Example: when a user starts a session to make an online payment or to log in to a business or personal account, an attacker can hijack that session.

Exploiting a web session usually begins with extracting the session ID or session token. With that token, the attacker gains unauthorized access to the web server as if they were the legitimate user.

Session hijacking simple scenario

How is a session hijacked?

A single server handles HTTP requests from many clients, and many separate TCP connections are created to carry those requests. So that the server can tie the requests of one client together, the web server assigns the client's browser a token (a unique identifier) and sends it back with its response.

A session token is usually a string of variable length. It can be carried as a browser cookie, inside an HTTP message (in the header or the body), or as part of a URL. Token IDs can be compromised in several ways, but the most common are:

  1. Session sniffing
  2. Client-side attacks
  3. Session fixation
  4. Man in the Browser (MITB) attack
  5. Man in the middle (MITM) attack
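To make the defensive side of this concrete, the following is an added example (not from the original page) of a minimal server-side session store in Python. It shows the controls that blunt the token-theft paths above: tokens drawn from the OS random source, rotation of the token at login so a planted pre-login token never becomes an authenticated one (session fixation), idle and absolute timeouts, invalidation when the same token shows up from a different client, and cookie attributes that keep the token off plaintext links and away from page scripts. Every class and function name (SessionStore, session_cookie, and so on) and the sample user-agent strings are constructed for this illustration.

```python
# Added example (not from the original page): a minimal server-side session
# store that applies the usual defences against the token-theft paths listed
# above. All class and function names, and the sample user agents used in
# the demo, are constructed for illustration.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_BYTES = 32             # 256 bits from the OS CSPRNG: tokens cannot be guessed
IDLE_TIMEOUT = 15 * 60       # seconds without activity before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600  # hard cap on a session's lifetime, active or not


def _fingerprint(user_agent: str) -> str:
    """Coarse client fingerprint; a mismatch hints that a token is being replayed elsewhere."""
    return hashlib.sha256(user_agent.encode()).hexdigest()


@dataclass
class Session:
    user: Optional[str]   # None for an anonymous (pre-login) session
    created: float
    last_seen: float
    client_fp: str


class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._now = clock  # injectable clock so timeouts can be exercised deterministically
        # Keyed by SHA-256 of the token: a leaked store dump yields no usable tokens.
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user: Optional[str], user_agent: str) -> str:
        token = secrets.token_urlsafe(TOKEN_BYTES)
        now = self._now()
        self._sessions[self._key(token)] = Session(user, now, now, _fingerprint(user_agent))
        return token

    def login(self, user: str, user_agent: str, presented_token: Optional[str] = None) -> str:
        """Rotate the token at authentication: whatever token the browser held before
        login (possibly planted by an attacker, i.e. session fixation) is discarded
        and never becomes an authenticated session."""
        if presented_token is not None:
            self._sessions.pop(self._key(presented_token), None)
        return self.create(user, user_agent)

    def resolve(self, token: str, user_agent: str) -> Optional[str]:
        """Return the user owning `token`, or None (destroying the session) when it
        is unknown, expired, or presented by a client that does not match."""
        key = self._key(token)
        sess = self._sessions.get(key)
        if sess is None:
            return None
        now = self._now()
        if now - sess.last_seen > IDLE_TIMEOUT or now - sess.created > ABSOLUTE_TIMEOUT:
            del self._sessions[key]
            return None
        if not hmac.compare_digest(sess.client_fp, _fingerprint(user_agent)):
            # Same token, different client: treat as a possible hijack and
            # invalidate so neither the victim nor the attacker can keep using it.
            del self._sessions[key]
            return None
        sess.last_seen = now
        return sess.user

    def logout(self, token: str) -> None:
        self._sessions.pop(self._key(token), None)


def session_cookie(token: str) -> str:
    """Set-Cookie value: Secure keeps the token off plaintext HTTP (sniffing), HttpOnly
    hides it from page scripts (client-side attacks), SameSite limits cross-site sends."""
    return f"session={token}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create(None, "Browser/1.0")  # constructed user agent
    tok = store.login("alice", "Browser/1.0", presented_token=anon)
    print("Set-Cookie:", session_cookie(tok))
    print("old token after login:", store.resolve(anon, "Browser/1.0"))   # None
    print("new token, same client:", store.resolve(tok, "Browser/1.0"))  # alice
    print("new token, other client:", store.resolve(tok, "Other/2.0"))   # None
```

The user-agent check is deliberately coarse: it catches careless reuse of a stolen token and gives a detection signal worth logging, but an attacker who copies the cookie can usually copy the user agent too, so the timeouts, rotation at login and cookie attributes carry most of the weight. In a real deployment the session table would live in a shared store rather than a process-local dict.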

Take precautions to avoid session hijacking.

Question

How do we avoid session hijacking?
