Session Hijacking

A session hijacking attack steals an established session between a client and web server after the user logs in or predicts what a session token will be based on easily guessed rules used in creating the token. A hacker could steal the session token using session sniffing, a cross-site scripting attack (XSS), or a man-in-the-middle (MiTM) attack. Using this session token, the hacker could access pages within the authenticated portion of the web application and view the same information as the user whose session token is being used.