Technically, the\u00a0HTTP communication<\/strong>\u00a0uses many TCP connections, thereby, it becomes mandatory for the server to recognize every user\u2019s connections with the help of a specific method. The most common one in use is the authentication process, once it is completed the server forwards a token to the client browser. The token is formed of a set of variable width and it could be used in different ways \u2013 say like, in the header of HTTP requisition as a cookie, in other parts of the header of the HTTP request, in the body of the HTTP requisition or in the URL. The hacker exploits the session token by robbing or predicting a valid session token to gain an unofficial access to the web server. The session token compromising can happen in different ways.<\/p>\n In layman terms, the hacker without revealing the true identity tactfully enters the conversation and gains access to key information which is being communicated.\u00a0 After taking control, the hacker has the ability to intercept, send and receive information without the knowledge of the sender and receiver.\u00a0Session Hijacking<\/strong>\u00a0happen two ways and, they are:<\/p>\n Different Ways Of Session Hijacking<\/strong><\/p>\n Session Sniffing<\/strong><\/p>\n As mentioned above, the tokens help the hacker to intrude in a valid session. So, the online attacker first gets the session id. Sniffing is also known as Packet Sniffing is used to get the session id. When this is accomplished, the gains full unauthorized access to the web server.<\/p>\n
![\"\"](\"https:\/\/www.mozdomains.com\/blog\/en\/wp-content\/uploads\/2019\/03\/download.png\")
<\/p>\n