Page 1496 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
and then uses a hijacking technique to take over the session and
assume the identity of the authorized user. The following list includes
some common techniques:
Capturing details of the authentication exchange between a client and server and later using those details (for example, replaying the captured credentials or token) to assume the client's identity
Tricking the client into believing the attacker's system is the server, relaying traffic as a man in the middle while the client sets up a legitimate connection with the real server, and then disconnecting the client and continuing the established session in its place
Accessing a web application using the session cookie of a user who did not properly close the connection (for example, who walked away without logging out), so the still-valid cookie grants the attacker that user's access
All of these techniques can have disastrous results for the end user and must be addressed with both technical controls at the protocol level (such as anti-replay authentication techniques, which ensure a captured exchange cannot be submitted a second time) and application controls (such as expiring idle sessions and their cookies within a reasonable period of time, so a cookie left behind by an unclosed session soon becomes worthless).
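The following is an added example, not code from the study guide, that puts the two countermeasures just named side by side: a simplified challenge-response login with single-use nonces (so a captured authentication exchange cannot be replayed) and a session store that expires cookies on both an idle timeout and an absolute lifetime (so an abandoned session's cookie stops working). The class and function names, the timeout values, the test user "alice" and the injected clock values are all illustrative assumptions; having the server derive the HMAC key from the password directly is a simplification of what a real server would store.

```python
"""Anti-replay challenge-response login plus expiring sessions (illustrative)."""
import hashlib
import hmac
import secrets

IDLE_TIMEOUT = 15 * 60          # assumed policy: seconds of inactivity before a session dies
ABSOLUTE_LIFETIME = 8 * 3600    # assumed policy: hard cap on session age, even if active


def derive_key(password: str, salt: bytes) -> bytes:
    """Client and server derive the same HMAC key; the password never crosses the wire."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    def __init__(self, credentials: dict[str, str]):
        self.salt = secrets.token_bytes(16)
        # Simplification: a real server stores a verifier, not something equivalent to the key.
        self.keys = {user: derive_key(pw, self.salt) for user, pw in credentials.items()}
        self.pending_nonces: set[bytes] = set()   # challenges issued but not yet answered
        self.sessions: dict[str, dict] = {}       # cookie value -> session metadata

    def challenge(self) -> bytes:
        """Issue a fresh random nonce; each one is honoured at most once."""
        nonce = secrets.token_bytes(16)
        self.pending_nonces.add(nonce)
        return nonce

    def login(self, user: str, nonce: bytes, proof: bytes, now: int):
        """Return a session cookie if proof == HMAC(key, nonce) for an unused nonce."""
        # Anti-replay: an unknown or already-consumed nonce is rejected outright,
        # so a captured (nonce, proof) pair is useless the second time.
        if nonce not in self.pending_nonces:
            return None
        self.pending_nonces.discard(nonce)
        key = self.keys.get(user)
        if key is None:
            return None
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = {"user": user, "created": now, "last_seen": now}
        return cookie

    def user_for_cookie(self, cookie: str, now: int):
        """Resolve a cookie to a user, expiring it on idle timeout or absolute lifetime."""
        session = self.sessions.get(cookie)
        if session is None:
            return None
        idle_too_long = now - session["last_seen"] > IDLE_TIMEOUT
        too_old = now - session["created"] > ABSOLUTE_LIFETIME
        if idle_too_long or too_old:
            del self.sessions[cookie]   # an abandoned session's cookie stops working here
            return None
        session["last_seen"] = now
        return session["user"]

    def logout(self, cookie: str) -> None:
        self.sessions.pop(cookie, None)


def client_proof(password: str, salt: bytes, nonce: bytes) -> bytes:
    """What the legitimate client sends back in answer to the server's challenge."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def demo() -> dict:
    """Walk through a legitimate login, a replayed login, and a stale cookie."""
    server = AuthServer({"alice": "correct horse battery staple"})
    t0 = 1_700_000_000   # constructed clock value, injected so the run is deterministic

    # 1. Legitimate login: Alice answers the server's challenge.
    nonce = server.challenge()
    proof = client_proof("correct horse battery staple", server.salt, nonce)
    cookie = server.login("alice", nonce, proof, t0)

    # 2. An eavesdropper captured (nonce, proof) and replays it: the nonce is spent.
    replayed_cookie = server.login("alice", nonce, proof, t0 + 5)

    # 3. The eavesdropper also captured the cookie. It works while the session is live...
    live_user = server.user_for_cookie(cookie, t0 + 60)
    # ...but not after Alice walks away without logging out and the idle timeout passes.
    stale_user = server.user_for_cookie(cookie, t0 + 60 + IDLE_TIMEOUT + 1)

    return {
        "login_ok": cookie is not None,
        "replay_ok": replayed_cookie is not None,
        "live_cookie_user": live_user,
        "stale_cookie_user": stale_user,
    }


if __name__ == "__main__":
    print(demo())
```

The two failure modes in the text map directly onto the two checks: the spent-nonce check in `login` defeats the captured-exchange technique, while the idle and absolute limits in `user_for_cookie` bound how long an unclosed session's cookie remains usable. Neither helps against the man-in-the-middle variant, where the attacker sits inside a session the server considers legitimate; that case needs the channel itself authenticated (for example, TLS with proper server certificate validation), which this example does not model.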

