I've been thinking about security after learning about session hijacking. Suppose I'm using my computer and a hacker steals my cookies and session ID. Later, they use that stolen session ID to access my social media account from a different device and IP address. If I then download my account activity or logs from the platform, will the hacker's access—including their IP address, device details, and location—be visible in the logs? Since they used my session ID instead of logging in with my username and password, will this be recorded as a separate session in the log report?
2 Answers
Honestly, you should prioritize changing your passwords and setting up two-factor authentication. If someone logged in using your session ID, it could still appear in the logs, but the details may not be comprehensive. It sounds like in your case, the system might not log every bit of device info, especially if they masked their access.
It's worth noting that while some logs might show the session activity, hackers can often manipulate or spoof their IP address. So, you might not get a clear picture of their login info, especially if they used your session ID on a new device. Always keep your security tight and be aware of potential log manipulation.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads