What is session hijacking?
Session hijacking can occur once a web server has sent a session token to a client browser after successfully authenticating a client login. The attack works by compromising that token, either by stealing it or by guessing what an authentic session token will be, thereby gaining unauthorized access to the web server. This can lead to session sniffing, man-in-the-middle or man-in-the-browser attacks, Trojans, or even the implementation of malicious JavaScript code.
Web developers are especially wary of session hijacking because the HTTP cookies used to maintain a website session can be stolen by an attacker.
In the early days, the HTTP protocol did not support cookies, and therefore web servers and browsers did not include the HTTP protocol. The evolution of session hijacking began in 2000 when HTTP 1.0 servers were implemented. HTTP 1.1 has been modified and modernized to support super cookies, which have made web servers and web browsers more vulnerable to session hijacking.
Web developers can employ certain techniques to prevent their sites from being session hijacked, including encryption methods and the use of long random numbers for the session keys. Other solutions consist of changing cookie value requests and implementing session regenerations after logins.
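The two defences named above, long random session keys and session regeneration after login, are shown here as an added Python example that is not code from the original page. The SessionStore class, the "sid" cookie name and the 32-byte token length are assumptions made for illustration, and the Secure, HttpOnly and SameSite cookie attributes are an addition that keeps the token off unencrypted connections and away from page scripts.

```python
import secrets
from http.cookies import SimpleCookie

TOKEN_BYTES = 32  # assumption: 256 bits from the OS CSPRNG, infeasible to guess


class SessionStore:
    """In-memory session table keyed by an unguessable token (hypothetical helper)."""

    def __init__(self):
        self._sessions = {}

    def create(self, data=None):
        # secrets draws from the OS CSPRNG; random.random() would be predictable.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._sessions[token] = dict(data or {})
        return token

    def get(self, token):
        return self._sessions.get(token)

    def regenerate(self, old_token, **updates):
        """Issue a fresh token and invalidate the old one in the same step."""
        data = self._sessions.pop(old_token, None)
        if data is None:
            raise KeyError("unknown or expired session")
        data.update(updates)
        return self.create(data)


def login(store, pre_login_token, user):
    # Regenerating at the privilege change means a token captured or planted
    # before authentication never becomes an authenticated session.
    return store.regenerate(pre_login_token, user=user)


def session_cookie(token):
    """Return a Set-Cookie value for the session token."""
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["httponly"] = True   # not readable from JavaScript
    cookie["sid"]["samesite"] = "Lax"  # not attached to most cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create()                 # token handed out before login
    authenticated = login(store, anonymous, "alice")  # constructed user name
    print(session_cookie(authenticated))
```
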
Firesheep, a Firefox extension, has enabled public user session hijacking attacks by accessing personal cookies. Social networking sites like Twitter and Facebook are also vulnerable when users add them to their preferences.