What is session Hijacking

Trying to imitate as a original even without knowing credential and fooling server by showing session_id to remain un_caught.

Your Quick Guide to Session Hijacking Attacks 

How session works : 

Once users enters his/her username and password such that it is authenticated from server and database end server is going to maintain the user state for tracking its activity.

This tracking will be done for the specific span of timestamp time he/she may use to go for logout option and timestamp + token given to the user will be expired.

How server Identifies this user uniquely

Step1: Authenticate the user

Step2: Alot the encrypted unique session id with a timestamp to each other

Step3: The copy of token is saved in cookie

Step4: When ever for the request for the same url is called everytime before giving access to the                        user server is going to match this token

If token in cookie is == to session token being store user is valid else server kicks him out.