Start with Identity
Subscribe
← Glossary
Threat

Session Hijacking

Stealing a valid session, commonly via a captured session cookie or token, to impersonate a user and bypass MFA. Mitigated by token binding, short lifetimes, and DPoP.