LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the two main attacks on sessions?

Session hijacking = stealing a victim's existing session ID; session fixation = planting a known session ID on the victim, then using it after they log in.

Hijacking steals an existing session ID (V→A); fixation plants a known ID (A→V) and waits for login.

* Hijacking steals an existing session ID; fixation plants a known one and rides it once the victim logs in. *

Attack Description Direction
Session Hijacking Stealing a session ID from a victim's system Attacker ← Victim
Session Fixation "Planting" a session ID into a victim's system Attacker → Victim

Session Hijacking methods:

  • XSS to steal cookies
  • Network sniffing (if not HTTPS)
  • Malware on victim's machine

Session Fixation: Attacker creates a session, tricks victim into using it, then hijacks the authenticated session.

Go deeper:

From Quiz: SPRG / Authentication & Session Management | Updated: Jul 14, 2026