Session Sidejacking
Session sidejacking is a type of security threat in which an attacker hijacks a session by intercepting and reading network traffic between two parties to steal the session cookie.
Unsecured WIFI hotspots are particularly vulnerable to this type of interception, since anyone sharing the network will generally be able to read most of the network traffic between other nodes and the access point. Alternatively an attacker (with physical access) could simply steal the session key directly.
Defense
To prevent session sidejacking, data passed between the Uniface Web Application Server and the browser should be encrypted, for example by using HTTPS rather than HTTP. This completely prevents sniffing style attacks.
