
Session hijacking

Session hijacking definition

Session hijacking is a cyberattack in which an attacker takes over a user’s web session by obtaining the session ID the website uses to recognise that user. The website then treats the attacker as the original user. If the attack happens after the user has logged in, the hijacker can do anything the user could do: add items to the cart and buy them on an online shop, or make a large transfer to themselves from a bank account.

How session hijacking happens

  • Session side jacking. The attacker captures the session ID by sniffing traffic while the user is connected to an insecure network and using websites without encryption.
  • Session fixation. The attacker tricks the user into using a particular session ID the attacker created, and once the user logs in with that ID, takes over the authenticated session.
  • Brute force. The attacker guesses session IDs until one is accepted, which works only if IDs are short or predictable.
  • Cross-site scripting. The attacker uses vulnerabilities in legitimate websites to plant a script that steals users’ session IDs and sends them to the attacker.
  • Malware. The attacker installs spyware on their target’s device and has it send the session ID to them.
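Seen from the server side, the fixation scenario above comes down to one question: does the session ID issued before login survive the login? The following is an added example, not code from this page or from NordVPN; it models that scenario with a constructed in-memory session store (all names are assumed) and also shows the cookie attributes that blunt side jacking and cross-site scripting.

```python
import secrets

# Constructed toy session store (added example; not code from the page or from any
# framework). It replays the fixation scenario from the server's point of view.
class SessionStore:
    def __init__(self, regenerate_on_login: bool):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session_id -> logged-in username, or None when anonymous

    def new_session(self) -> str:
        # 32 random bytes from the OS CSPRNG: far too large a space to brute-force
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid: str, username: str) -> str:
        # Credential checking is assumed to have already succeeded before this call.
        if sid not in self.sessions:
            raise KeyError("unknown session")
        if not self.regenerate_on_login:
            # Vulnerable: the pre-login ID (possibly planted by an attacker) becomes authenticated
            self.sessions[sid] = username
            return sid
        # Hardened: discard the pre-login ID and issue a fresh one bound to the user
        del self.sessions[sid]
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = username
        return fresh

    def user_for(self, sid: str):
        return self.sessions.get(sid)


def session_cookie(sid: str) -> str:
    # Secure: never sent over plain HTTP (side jacking); HttpOnly: not readable by
    # page scripts (cross-site scripting); SameSite=Lax: withheld from most cross-site requests
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def fixation_succeeds(regenerate_on_login: bool) -> bool:
    """Replay the fixation steps and report whether the attacker ends up logged in."""
    store = SessionStore(regenerate_on_login)
    planted = store.new_session()               # 1. attacker obtains an anonymous session ID
    victim_sid = planted                        # 2. victim's browser is tricked into using it
    store.login(victim_sid, "victim")           # 3. victim logs in with that ID
    return store.user_for(planted) == "victim"  # 4. attacker presents the planted ID
```

With `regenerate_on_login=False` the planted ID is now the victim's authenticated session; with `True` it is simply unknown to the server.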

Preventing session hijacking

  • Don’t use public Wi-Fi. If you ever do, make sure you have a VPN app on your device. Public Wi-Fi hotspots are often unsecured, and users’ data is not safe while traveling over them.
  • Don’t use websites with expired SSL certificates. Always check that the lock icon is shown next to the URL.
  • Use NordVPN’s Threat Protection Pro feature to scan your downloaded files for malware.
  • Beware of phishing and never open a link if it’s the least bit suspicious.