Session Hijacking Attack

13th May 2020 | Cybrary



A Session Hijacking Attack occurs when an attacker takes over a user’s session. A normal session starts when you log into a service, for example your banking application, and ends when you log out. Because the attack depends on the attacker obtaining your session cookie, it is also called “cookie hijacking” or, when the cookie is sniffed from unencrypted network traffic such as public Wi-Fi, “cookie side-jacking”. Although any kind of computer session could be hijacked, the term most commonly applies to browser sessions and web applications. In most cases, when you log into a web application the server sets a temporary session cookie in your browser to remember that you are logged in and authenticated. HTTP is a stateless protocol, and a session cookie sent in the Cookie header of every subsequent request is the most common way for the server to recognize your browser and your current session. Whoever presents that cookie is treated as you, and that is exactly what the attacker exploits.

To perform session hijacking, an attacker needs to know, or be able to predict, the victim’s session ID. It can be obtained by stealing the session cookie (for example through a cross-site scripting flaw, malware on the endpoint, or sniffing an unencrypted connection), by guessing it when the server generates predictable IDs, or by persuading the user to open a link that carries an attacker-chosen session ID, a variant known as session fixation, which only works if the server keeps using that ID after the user authenticates. In each case, once the user is authenticated, the attacker sends the same session ID from their own browser. The server cannot tell the two browsers apart and treats the attacker’s connection as the original user’s valid, authorized session.
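The following is an added example, not code from this page or from NetSparker. It models the two weaknesses described in the paragraphs above (predictable session IDs, and a server that keeps using an ID the browser arrived with) next to a hardened session store that issues unguessable IDs, rotates the ID on login, expires idle sessions and invalidates on logout. There is no real HTTP here: the “browser” is just a caller passing a session ID string, and every class, function and ID value is a hypothetical name chosen for the demonstration.

```python
import secrets
import time


class VulnerableSessionStore:
    """Weak store (illustrative): sequential IDs, and any ID the client presents is honoured."""

    def __init__(self):
        self.sessions = {}      # session id -> username
        self._next_id = 1000    # sequential counter: trivially predictable

    def login(self, presented_sid, user):
        # Weakness 1: binds the authenticated user to whatever ID the client
        # arrived with, so an attacker-planted ID becomes the victim's session.
        # Weakness 2: otherwise mints the next number in a sequence.
        if presented_sid is None:
            presented_sid = str(self._next_id)
            self._next_id += 1
        self.sessions[presented_sid] = user
        return presented_sid

    def whoami(self, sid):
        return self.sessions.get(sid)


class HardenedSessionStore:
    """Hardened store (illustrative): CSPRNG IDs, rotation on login, idle timeout, server-side logout."""

    def __init__(self, idle_timeout=900):
        self.sessions = {}      # session id -> {"user": ..., "last_seen": ...}
        self.idle_timeout = idle_timeout

    def login(self, presented_sid, user):
        # Never attach a privileged session to a pre-existing ID: discard the
        # presented one and issue a fresh one only after authentication.
        self.sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not guessable
        self.sessions[sid] = {"user": user, "last_seen": time.time()}
        return sid

    def whoami(self, sid, now=None):
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        now = time.time() if now is None else now
        if now - entry["last_seen"] > self.idle_timeout:
            self.sessions.pop(sid)        # expired: a stolen cookie has a short shelf life
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout(self, sid):
        # Invalidate server-side; clearing the browser cookie alone leaves a stolen copy valid.
        self.sessions.pop(sid, None)


def set_cookie_header(sid):
    """Set-Cookie value a hardened server would send for its session cookie."""
    # Secure: never sent over plain HTTP, which defeats side-jacking on open Wi-Fi.
    # HttpOnly: not readable by page scripts, so an XSS bug cannot simply read it.
    # SameSite=Lax: not attached to most cross-site requests.
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def fixation_attack(store):
    """Attacker plants an ID (e.g. via a crafted link), then the victim logs in with it.
    Returns True if the attacker's pre-chosen ID now resolves to the victim."""
    planted = "attacker-chosen-id"          # constructed value
    store.login(planted, user="victim")
    return store.whoami(planted) == "victim"


def prediction_attack(store):
    """Attacker logs in, the victim logs in next, attacker tries the adjacent ID.
    Returns True if guessing succeeds."""
    mine = store.login(None, user="attacker")
    store.login(None, user="victim")
    try:
        guess = str(int(mine) + 1)           # sequential IDs: just add one
    except ValueError:                       # random token: no arithmetic relation to exploit
        guess = mine + "1"
    return store.whoami(guess) == "victim"


if __name__ == "__main__":
    for cls in (VulnerableSessionStore, HardenedSessionStore):
        print(cls.__name__, "fixation:", fixation_attack(cls()),
              "prediction:", prediction_attack(cls()))
```

Run stand-alone, the script reports both attacks succeeding against the vulnerable store and failing against the hardened one. The three server-side habits that make the difference are the ones worth checking in any real application: the ID comes from a cryptographic random source, it is regenerated at the moment of login, and it dies on logout and after inactivity rather than living as long as the cookie does.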

Source: NetSparker

Additional Reading:

  1. Corporate Account Takeover Attacks: Detecting and Preventing 
  2. What is Session Hijacking: Your quick guide to session hijacking attacks

What does this mean for an SMB?

Session hijacking is usually the second step of an attack: the attacker first needs a foothold, such as a phishing link, a malicious attachment that installs malware on the workstation, or a cookie captured on an unencrypted Wi-Fi network. Employee education targets that first step. By teaching staff to recognize phishing, and reinforcing it with CyberHoot’s Phish Testing modules, you significantly reduce the likelihood that you or your company becomes the victim of an attack like this. Education should sit alongside basic technical controls on any web application you operate: serve everything over HTTPS, mark session cookies Secure and HttpOnly, issue a fresh session ID after login, and expire idle sessions so a stolen cookie does not stay useful for long.

