Problem
The trick is getting the sessionID. For example, in a connection to a web server, one method of hijacking a session is simply to learn or guess the session ID of another user. You may notice some websites will include a number in the URL bar as you are browsing a site. This is referred to as a sessionID and is generally associated with your specific session. If the web server is vulnerable to it, you can simply replace your number with another one and you'll find you've taken over another user's session. What are some things that can be deployed to prevent this kind of easy-to-do attack?