In
computer science,
session hijacking, sometimes also known as
cookie hijacking is the exploitation of a valid
computer session—sometimes also called a
session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a
magic cookie used to authenticate a user to a remote server. It has particular relevance to
web developers, as the
HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).