In the case of a session hijacking an attacker relies on the legitimate user to connect and authenticate and then take over the session.
In spoofing attack, the attacker pretends to be another user or machine to gain access.
Successful session hijacking is extremely difficult and only possible when a number of factors are under the attacker's control.
Session hijacking can be active or passive in nature depending on the degree of involvement of the attacker in the attack.
A variety of tools exist to aid the attacker in perpetrating a session hijack .
Session Hijacking could be very dangerous and there is a need for implementing strict countermeasures.