Session Hijacking nel pentesting web: furto cookie via XSS, session fixation, sniffing HTTP e takeover account. Analisi flag HttpOnly, Secure e SameSite.