session-replay

Session Replay vs Session Fixation vs Session Hijacking

Submitted by 魔方 西西 on 2021-01-21 08:19:21
Question:

Can anyone give a clear difference between session fixation, session replay and session hijacking attacks? I have read many articles, but the matter is still unclear between session hijacking and session replay attacks.

Answer 1:

Both fixation and hijacking have ultimately the same goal - gaining access to a session. They only differ in how you achieve that. Session hijacking is simply the act of stealing an existing, valid session cookie. Most commonly through sniffing network traffic (a MITM