The attacker induces a client to establish a session with the target
						software using a session identifier provided by the attacker. Once the user
						successfully authenticates to the target software, the attacker uses the
						(now privileged) session identifier in their own transactions. This attack
						leverages the fact that the target software either relies on
						client-generated session identifiers or maintains the same session
						identifiers after privilege elevation.