• An attack in which an attacker steals authentication tokens after all factors have been validated. These tokens, which can include cookies but also bearer tokens as well as JWTs (JSON Web Tokens), are then used to perform session hijacking.

1. Previous term: Pascal case
2. Next term: Passkey
3. Random term: Responsibility assignment matrix