Difference between session fixation and session hijacking

Session fixation and session hijacking are attacks with a common goal: gaining access to another user's legitimate session. Their attack vectors, however, are different.
In a session fixation attack, the attacker already has access to a valid session and tries to force the victim to use that particular session. In a session hijacking attack, the attacker instead tries to obtain the ID of the victim's session in order to use that session.
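The distinction determines which defence applies. The Python sketch below is an added example, not code from the original article; the `SessionStore` class and its method names are hypothetical. It models a server that either keeps or replaces the session ID at login: replacing it kills an ID that was known before login (fixation), while an ID disclosed after login (hijacking) stays valid either way.

```python
import secrets


class SessionStore:
    """Toy in-memory server-side session table (constructed for illustration)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session ID -> username, or None while anonymous

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, username):
        """Authenticate the session; return the ID the client must use afterwards."""
        if sid not in self.sessions:
            raise KeyError("unknown session")
        if self.rotate_on_login:
            # Drop the pre-login ID so anyone who knew it holds a dead value.
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def fixation_outcome(rotate_on_login):
    """User the pre-login ID resolves to after the victim logs in on it."""
    store = SessionStore(rotate_on_login)
    known_sid = store.new_session()   # ID known to a third party before login
    store.login(known_sid, "alice")   # victim authenticates on that session
    return store.whoami(known_sid)


def hijacking_outcome(rotate_on_login):
    """User a post-login ID resolves to once a third party learns it."""
    store = SessionStore(rotate_on_login)
    victim_sid = store.login(store.new_session(), "alice")
    return store.whoami(victim_sid)   # the disclosed ID is the live one


if __name__ == "__main__":
    for rotate in (False, True):
        print(rotate, fixation_outcome(rotate), hijacking_outcome(rotate))
```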
 
