Session hijacking is the unauthorized use of an active session ID to gain access to a system or to gain privileges on a system.
Session hijacking can be accomplished in a number of ways, including:
1. Using a session ID that has been compromised by a hacker.
2. guessing a valid session ID.
3. obtaining a valid session ID through social engineering.
4. obtaining a valid session ID through a vulnerability in the system.