ISC Exam Questions

__________________ is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.

A. Cross site scripting

B. Session hijacking

C. SQL attack

D. ID hijacking

Explanation:
Session hijacking, also known as TCP session hijacking, is a method of
taking over a Web user session by surreptitiously obtaining the session ID and
masquerading as the authorized user. Once the user’s session ID has been accessed
(through session prediction), the attacker can masquerade as that user and do
anything the user is authorized to do on the network.