A fast internet-based technology such as web-driven and mobile application is the most popular usage of people nowadays. With the blink of the eye, the number of users is increasing tremendously every single second. So does the number of web-driven and mobile application. Thus, the number of a hacked website also increases daily. As the end user, we are likely to concern about the security breach that might occur. One of the threats that can happen at application layer users is web session hijacking. Generally, session hijacking is the attack occurs to impersonate the real resource to serve the pretended as the legitimate user. One of the ways for this threat to happen is by stealing the session identification number. This paper presents the session hijacking definition, the taxonomy and the attack that might occur also a various possible method to detect or prevent the attack in a various situation by previous researchers. In addition, this review hopes to bring some awareness to the end users about the threat that is likely to occur while accessing any resources over the Internet using website.
