What is session hijacking?
Web developers are especially wary of session hijacking because the HTTP cookies used to maintain a website session can be stolen by an attacker.
In the early days, the HTTP protocol did not support cookies, and therefore web servers and browsers did not include the HTTP protocol. The evolution of session hijacking began in 2000 when HTTP 1.0 servers were implemented. HTTP 1.1 has been modified and modernized to support super cookies, which has made web servers and web browsers more vulnerable to session hijacking.
Web developers can employ certain techniques to protect their sites against session hijacking, including encryption methods and the use of long random numbers for the session keys. Other solutions include changing cookie value requests and regenerating the session after login.
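The two mitigations named above, long random session keys and session regeneration after login, as an added example that is not part of the original page. The `SessionStore` class, the `sid` cookie name and the sample data are assumptions made for illustration; the cookie's `Secure` attribute ties it to encrypted (HTTPS) transport.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table (hypothetical; a real app would use its framework's store)."""

    def __init__(self):
        self._sessions = {}  # session id -> session data

    def create(self, data=None):
        # 32 bytes from the OS CSPRNG: a 256-bit key that cannot be guessed or enumerated
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def regenerate(self, old_sid, **updates):
        """Move the session to a fresh id and invalidate the old one."""
        data = self._sessions.pop(old_sid, None)
        if data is None:
            raise KeyError("unknown or expired session")
        data.update(updates)
        return self.create(data)


def session_cookie(sid):
    """Build the Set-Cookie value for a session id."""
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["secure"] = True     # only sent over HTTPS (encrypted transport)
    c["sid"]["httponly"] = True   # not readable from page scripts
    c["sid"]["samesite"] = "Lax"
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()


def login(store, pre_login_sid, user):
    """Call after credentials are verified: the authenticated session gets a new id."""
    return store.regenerate(pre_login_sid, user=user)


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create({"cart": ["item-1"]})  # constructed sample data
    authed = login(store, anon, "alice")
    print(store.get(anon))    # the id issued before login no longer resolves
    print(store.get(authed))
    print(session_cookie(authed))
```

Because the pre-login id is deleted at login, a value captured or planted before authentication cannot be replayed against the authenticated session.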
Firesheep, a Firefox extension, has enabled public user session hijacking attacks by accessing personal cookies. Social networking sites like Twitter and Facebook are also vulnerable when users add them to their preferences.