(also session fixing)
A way to force someone to use a specific session ID while they browse. The cybercriminal prepares for the attack by first obtaining a valid session ID for the targeted website. Then they trick the victim into logging into the website (for example, a banking account) using the predefined session ID. This can be done through phishing, smishing, or other social engineering attack. Once the victim clicks on the link and authenticates using that predefined ID, the attacker will be able to access the account and impersonate the owner.