A Session Hijacking Attack occurs when a user session is taken over by an attacker. A normal session starts when you log into a service, for example your banking application, and ends when you log out. The session hijacking attack relies on the attacker’s knowledge of your session cookie, so it is also called “cookie hijacking” or “cookie side-jacking”. Although any computer session could be hijacked, session hijacking most commonly applies to browser sessions and web applications. In most cases when you log into a web application, the server sets a temporary session cookie in your browser to remember that you are currently logged in and authenticated. HTTP is a stateless protocol and session cookies attached to every HTTP header are the most popular way for the server to identify your browser or your current session.