Forum:Session hijacking?

When I just logged in I got an error message, something about session hijacking. What is session hijacking and why did I get that error? SereneChaos 01:20, December 3, 2011 (UTC)


 * Your session is the period of time you're logged in for. It begins when you log in, and ends when you log out. This session is controlled by a cookie that the server gives you when you log in. Every time you load up a page, your browser shows the cookie to the server, so that the server knows who you are. That cookie is unique to you and that particular session. If someone else were to get their hands on that cookie, they could use it to log in as you without using your password - that's session hijacking. MediaWiki takes steps to prevent people from gaining access to your account through those means, and disallows certain actions when something isn't right. For example, if you try to open a rollback link as a popup, MediaWiki won't perform the rollback. When you get an error message about session hijacking, it just means that MediaWiki isn't entirely sure you are who you say you are, and to protect your account, it won't let you do what you wanted to do. The vast majority of these messages are false positives, but they also stop a lot of hacking.
 * That's what session hijacking is - as to exactly why you got the message, I don't know. If it won't let you log in at all, you should send a message to Special:Contact/bug.


 * Oh, it's a cookie grabber. Okay, thanks for the explanation! =) SereneChaos 01:50, December 3, 2011 (UTC)