session hijacking (TCP session hijacking)
Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user's session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been obtained (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.
The session ID is normally stored within a cookie or URL.
For most communications, authentication procedures are carried out only when the session is set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input, or stops responding altogether for an unknown reason, session hijacking is a possible cause.
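The definition above turns on two weaknesses: a session ID that can be predicted, and authentication that is checked once at set-up and never again. The following server-side session store is an added example (not code from the original page) showing the usual countermeasures: IDs drawn from a cryptographic random source, per-request re-validation with idle and absolute timeouts, a client-binding check that revokes the session on mismatch, ID rotation after login, and cookie attributes that keep the ID out of URLs and page scripts. The timeout values and the `fingerprint` argument (assumed to be an ASCII hash of client attributes chosen by the deployer) are assumptions.

```python
import secrets
import time

SESSION_TTL = 8 * 3600   # absolute lifetime in seconds (assumed policy value)
IDLE_TIMEOUT = 15 * 60   # idle timeout in seconds (assumed policy value)


class SessionStore:
    """Store that re-checks a session on every request, not only at login."""

    def __init__(self, now=time.time):
        self._sessions = {}   # sid -> {"user", "fp", "created", "seen"}
        self._now = now       # injectable clock, so timeouts can be tested

    def create(self, user, fingerprint):
        # 256 bits from the OS CSPRNG: not derivable from earlier IDs, counters or timestamps.
        sid = secrets.token_urlsafe(32)
        t = self._now()
        self._sessions[sid] = {"user": user, "fp": fingerprint, "created": t, "seen": t}
        return sid

    def validate(self, sid, fingerprint):
        """Return the user for a live, correctly bound session, else None."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        t = self._now()
        if t - s["created"] > SESSION_TTL or t - s["seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        if not secrets.compare_digest(s["fp"], fingerprint):
            # Binding changed mid-session: treat as a possible hijack,
            # revoke the session and force the client to log in again.
            del self._sessions[sid]
            return None
        s["seen"] = t
        return s["user"]

    def rotate(self, sid):
        """Issue a fresh ID after login so an earlier-observed ID stops working."""
        s = self._sessions.pop(sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = s
        return new_sid


def session_cookie(sid):
    # HttpOnly keeps the ID away from page scripts, Secure keeps it off
    # plaintext HTTP, SameSite=Strict stops cross-site requests sending it.
    return f"sid={sid}; HttpOnly; Secure; SameSite=Strict; Path=/"
```

Bind the session only to attributes that stay stable for a legitimate client; a raw client IP changes behind NAT or on mobile networks and would log genuine users out spuriously.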
This was last updated in May 2006