What Is Session Hijacking?
An attack in which an adversary takes over a valid user session by stealing, predicting, or fixating the session identifier. Once the attacker holds a valid session ID, the server cannot tell them apart from the real user, so they can perform any action that user is authorized to do for as long as the session stays alive.
In Laravel Applications
Prevent session hijacking in Laravel by hardening the session cookie in config/session.php: "secure" => true (cookie sent over HTTPS only; Laravel's shipped config reads this from the SESSION_SECURE_COOKIE environment variable), "http_only" => true (no JavaScript access via document.cookie), and "same_site" => "lax" (the browser withholds the cookie on cross-site POSTs and embedded requests; "strict" also withholds it on top-level cross-site navigations). After a successful login, rotate the identifier with $request->session()->regenerate() so a session ID captured or fixated before authentication cannot be reused, and on logout call $request->session()->invalidate() so the server-side session is destroyed rather than only the cookie being cleared.
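The settings and calls above, as an added example that is not the page's own code: a hardened config/session.php excerpt followed by login and logout routes that rotate and destroy the session. Two file excerpts are shown in one block; the route paths, redirect targets and error message are assumptions, while the config keys, environment variable names and session methods are Laravel's own.

```php
<?php
// ---- config/session.php (excerpt) ----
// Weak configuration, for comparison (do not ship this):
//   'secure' => null, 'http_only' => false, 'same_site' => null
// Hardened configuration:
return [
    'driver' => env('SESSION_DRIVER', 'database'),
    'lifetime' => env('SESSION_LIFETIME', 120),
    'expire_on_close' => false,
    'encrypt' => true,

    // Only send the session cookie over HTTPS. Laravel reads
    // SESSION_SECURE_COOKIE from .env; the fallback here forces it on.
    'secure' => env('SESSION_SECURE_COOKIE', true),

    // Hide the cookie from document.cookie so an XSS payload cannot read it.
    'http_only' => true,

    // 'lax' withholds the cookie on cross-site POSTs and embedded requests;
    // use 'strict' if you also want it withheld on top-level cross-site links.
    'same_site' => 'lax',
];

// ---- routes/web.php (separate file) ----
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

Route::post('/login', function (Request $request) {
    $credentials = $request->validate([
        'email' => ['required', 'email'],
        'password' => ['required'],
    ]);

    if (! Auth::attempt($credentials)) {
        return back()->withErrors(['email' => 'Invalid credentials.']);
    }

    // Rotate the session ID on privilege change: any ID an attacker captured
    // or fixated before authentication no longer maps to this session.
    $request->session()->regenerate();

    return redirect()->intended('/dashboard');
});

Route::post('/logout', function (Request $request) {
    Auth::logout();

    // Destroy the server-side session data and issue a fresh ID and CSRF
    // token, so a stolen ID cannot be replayed after the user logs out.
    $request->session()->invalidate();
    $request->session()->regenerateToken();

    return redirect('/');
});
```

Setting "secure" to true with no HTTPS in local development will make logins appear to fail silently because the browser drops the cookie; keep SESSION_SECURE_COOKIE=false only in a local .env, never in production.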
Example
If http_only is false in your session config, a script injected through an XSS vulnerability can read the session cookie with document.cookie and send it to the attacker, who then presents it to impersonate the user. Setting http_only to true stops that read, but it does not neutralize the XSS itself: the injected script can still issue authenticated requests from inside the victim's browser, so HttpOnly mitigates cookie theft and is not a substitute for fixing the injection.
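A check a practitioner would run from the outside to confirm the cookie flags discussed above actually reach the browser, as an added example that is not the page's or StackShield's code: it parses a Set-Cookie header and reports which hardening attributes are missing. The sample headers are constructed, not captured from a real site; the function name is an assumption.

```php
<?php
// Added example, not the page's own code: audit a session Set-Cookie header
// for the Secure, HttpOnly and SameSite attributes. Returns the attributes
// that are missing or weak; an empty array means the cookie is hardened.
function auditSessionCookie(string $setCookieHeader): array
{
    // "name=value; Attr1; Attr2=val" -> attribute map keyed by lowercase name.
    $parts = array_map('trim', explode(';', $setCookieHeader));
    array_shift($parts); // drop the leading name=value pair

    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        [$key, $val] = array_pad(explode('=', $part, 2), 2, null);
        // Flag attributes (Secure, HttpOnly) carry no value; store true.
        $attrs[strtolower($key)] = $val === null ? true : strtolower(trim($val));
    }

    $missing = [];
    if (empty($attrs['secure'])) {
        $missing[] = 'Secure';   // cookie would also travel over plain HTTP
    }
    if (empty($attrs['httponly'])) {
        $missing[] = 'HttpOnly'; // readable via document.cookie after XSS
    }
    $sameSite = $attrs['samesite'] ?? null;
    if (! in_array($sameSite, ['lax', 'strict'], true)) {
        // Absent or SameSite=None: browser sends it on cross-site requests.
        $missing[] = 'SameSite=Lax or Strict';
    }

    return $missing;
}

// Constructed sample headers (not captured from a real application).
$weak     = 'laravel_session=abc123; Path=/; SameSite=None';
$hardened = 'laravel_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax';

print_r(auditSessionCookie($weak));
print_r(auditSessionCookie($hardened));
```

To run it against a live deployment, pull the response headers of a page that starts a session (for example the login form) with get_headers($url, true) and pass each Set-Cookie entry whose name matches your configured session cookie.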
Related Terms
Cross-Site Request Forgery (CSRF)
An attack where a malicious website tricks a user's browser into performing an unwanted action on a site where the user is authenticated. The browser automatically sends cookies with the request, so the target site processes it as a legitimate action from the user.
Cross-Site Scripting (XSS)
A vulnerability where an attacker injects malicious JavaScript into web pages viewed by other users. The injected script runs in the victim's browser with the same privileges as legitimate scripts, allowing the attacker to steal session tokens, redirect users, or modify page content.
Man-in-the-Middle Attack (MITM)
An attack where an adversary secretly intercepts and potentially modifies communication between two parties who believe they are communicating directly with each other. The attacker can read, inject, or alter data in transit.
Related Articles
The Complete Laravel Security Checklist for 2026
A comprehensive, 30-point security checklist covering every layer of your Laravel application, from .env protection and security headers to debug mode detection and DNS security.
What Is External Attack Surface Management (EASM)?
External Attack Surface Management continuously discovers and monitors your internet-facing assets for security risks. Learn how EASM differs from DAST, SAST, and pentesting, and why every team shipping web apps needs it.
Monitor Your Laravel Application's Security
StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.
Start Free Trial