
Session hijacking in Java Spring


I have a question regarding hijacking session variables. Let us suppose we have a web app supported by Spring Security and I have landed on a page with a bunch of session variables stored on the server side. Now, session variables normally are not accessible purely from the client side. Is there any way for the client to somehow get the page re-directed to another web app (with malicious server-side scripts) while keeping the current session variables intact?

My impression is that it is not possible without significant flaws in the original web app.

Anyhow, the question is: Is it possible to steal session variables of web apps supported by Spring Security without making any changes to the server-side content of the web app?

Edit: Using TLS


Solution

  • If the client/server communication does not use SSL, then yes, it is possible to sniff the session ID. This is the case with any framework that does not use some kind of client-server communication encryption.

    It is also possible for the client to get redirected to another web application. This is part of an XSS attack (cross-site scripting). There are two types of XSS: stored and reflected.

    You can find more details here: Cross Site scripting
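The answer names two ways a session can be taken over: a session ID sniffed from an unencrypted connection, and a script injected via XSS. The following Spring Security configuration is an added example, not code from the question, the answer or the Spring project, showing how both are mitigated on the server side. It assumes a Spring Boot application on Spring Security 5.7 or later (the lambda DSL and `SecurityFilterChain` bean); the package name is hypothetical.

```java
// Added example (not from the original question or answer): a Spring Security
// configuration that removes the two hijacking channels the answer describes.
// Assumes Spring Boot with Spring Security 5.7+; the package name is hypothetical.
package example.security;

import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SessionHardeningConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // 1. Session ID sniffing: refuse plain HTTP entirely, so the JSESSIONID
            //    cookie is never sent in cleartext (the "no SSL" case in the answer).
            .requiresChannel(channel -> channel.anyRequest().requiresSecure())
            .headers(headers -> headers
                // HSTS: browsers remember to use HTTPS only for this host for one year,
                // so a later downgrade to http:// does not leak the cookie either.
                .httpStrictTransportSecurity(hsts -> hsts
                    .includeSubDomains(true)
                    .maxAgeInSeconds(31536000))
                // 2. XSS: a Content-Security-Policy that blocks inline and third-party
                //    script blocks the reflected/stored XSS payloads the answer mentions,
                //    which are the usual way a page gets redirected or a cookie read.
                .contentSecurityPolicy(csp -> csp
                    .policyDirectives("default-src 'self'; script-src 'self'; object-src 'none'")))
            .sessionManagement(session -> session
                // Session fixation: issue a new session ID at login so an ID an attacker
                // planted before authentication is never promoted to an authenticated one.
                .sessionFixation(fixation -> fixation.migrateSession()))
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    // 3. Cookie flags on JSESSIONID: HttpOnly keeps document.cookie from reading it
    //    even if some XSS slips through CSP; Secure keeps the browser from ever
    //    sending it over plain HTTP.
    @Bean
    public ServletContextInitializer sessionCookieFlags() {
        return servletContext -> {
            servletContext.getSessionCookieConfig().setHttpOnly(true);
            servletContext.getSessionCookieConfig().setSecure(true);
        };
    }
}
```

On Spring Boot the cookie flags can equally be set in `application.properties` with `server.servlet.session.cookie.http-only=true` and `server.servlet.session.cookie.secure=true`; the `ServletContextInitializer` bean above does the same thing in code. Note that none of this makes session data readable from the client: the session variables stay on the server, and what these settings protect is the session ID that names them.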