Session Hijacking is where an attacker Steals a network session by guessing (or other ways) the session ID (identification number). Each packet has a session ID in tcp sessions from client to server.
Once the hacker has a web server session they will try and gain more access on your webserver.
The problem is cataloged on www.owasp.org
Once the hacker has an in they will go and add from there (this is called a beachhead). The beachhead is only the start as an initial command line will most likely add to their access. As the hacker tries to gain and add to their conquest.
This is why a defense in depth strategy is important, as new hacking methods may come in, The system administration overhead has to be kept up, otherwise the hackers win.
Contact us to find and test your webserver.