What is session hijacking?

Updated May 6, 2026

Short answer

Session hijacking is stealing a user's active session token.

Deep explanation

Attackers reuse session IDs to impersonate users without credentials.

Real-world example

Logged-in accounts being taken over on public Wi-Fi.

Common mistakes

  • Not using HttpOnly cookies.

Follow-up questions

  • How to prevent it?
  • What is session fixation?
