What is Session Hijacking?
Session hijacking means impersonating the original user without knowing their credentials, fooling the server by presenting the user's session_id so that the impersonation goes uncaught.
Your Quick Guide to Session Hijacking Attacks
How a session works:
Once a user enters his/her username and password and is authenticated by the server and database, the server maintains the user's state to track his/her activity.
This tracking is done for a specific span of time. The user may also use the logout option, after which the timestamp + token given to the user expire.
How the server identifies this user uniquely
Step 1: Authenticate the user
Step 2: Allot an encrypted, unique session ID with a timestamp to each user
Step 3: A copy of the token is saved in a cookie
Step 4: Every time a request for the same URL is made, the server matches this token before giving access to the user
If the token in the cookie equals the stored session token, the user is valid; otherwise the server kicks him out.
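The four steps above as a small server-side session store. This is an added example, not code from the original page. The class name, TTL value and cookie attributes are assumptions, and it uses a random token (stored only as a hash) rather than an encrypted one.

```python
import hashlib
import secrets
import time

SESSION_TTL = 15 * 60  # seconds; constructed value for this example


def _key(token):
    # Store only a hash, so a leaked session table does not expose live tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    """Hypothetical server-side table: token hash -> (username, expiry)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock

    def login(self, username):
        # Steps 1-2: call only after the credentials have been verified.
        token = secrets.token_urlsafe(32)  # unguessable random session ID
        self._sessions[_key(token)] = (username, self._clock() + self._ttl)
        return token

    def cookie_header(self, token):
        # Step 3: the copy of the token handed to the browser. HttpOnly and
        # Secure keep it away from page scripts and plaintext connections.
        return f"Set-Cookie: session_id={token}; HttpOnly; Secure; SameSite=Lax"

    def validate(self, presented):
        # Step 4: the decision depends only on the token value, which is why
        # anyone holding a copy of the cookie is treated as the user.
        entry = self._sessions.get(_key(presented))
        if entry is None:
            return None  # no matching session: reject
        username, expires = entry
        if self._clock() >= expires:
            del self._sessions[_key(presented)]  # timestamp passed: expire
            return None
        return username

    def logout(self, presented):
        # Logout deletes the server-side record, so the old cookie is useless.
        self._sessions.pop(_key(presented), None)


if __name__ == "__main__":
    store = SessionStore()
    tok = store.login("alice")
    print(store.cookie_header(tok))
    print(store.validate(tok), store.validate("not-a-real-token"))
```

Because validation sees only the token, short expiry and server-side logout are what limit how long a copied session_id stays usable.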