HOWTO: secure Gmail to prevent session hijacking

By default, after logging in to Gmail over a secure HTTPS connection, you are forwarded to an unencrypted URL, along with some session data that tells Gmail and other Google services that you’ve authenticated successfully.

The problem is that anyone sniffing your wireless (or wired) connection can capture that session information and use it to impersonate you. This could mean reading your email, pulling previously entered addresses from Google Maps, or opening up your Google Docs or Analytics information. This session “sidejacking” was recently demonstrated at the 2007 Black Hat conference, where the presenter, Robert Graham, took control of an audience member’s account during a live presentation.

Safely Connecting to Gmail
If you’re using public, unencrypted, or WEP-encrypted WiFi, there’s a way to force Gmail to use an encrypted connection. If you manually navigate to, your connection will remain encrypted after logging in. This does not work for, so make sure to use the right address.

Log Out Before Leaving Gmail
This part sucks. Your authentication cookies will still be set for the domain. If you navigate to any other Google properties after logging into secure Gmail, your session information will be spilled for any WiFi sniffer to see. This probably includes going to any site that runs AdSense… which is almost every site available via the internet tubes.

So, to safely use Gmail:

  1. close all other browser tabs and windows before going to secure Gmail
  2. don’t click any URLs in emails or navigate to any other sites while Gmail is open
  3. sign off before continuing to browse the web (might not hurt to also flush any cookies)
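
The cookie leak described under "Log Out Before Leaving Gmail" comes down to two cookie attributes: a Domain= scope that covers sibling hosts, and a missing Secure flag. The following is an added example, not code from the original article; the example.test hostnames and the cookie names and values are constructed, and Path matching is ignored to keep it short.

```python
# Added example: which cookies would a browser attach to a plain-HTTP request?
# Hostnames, cookie names and values are constructed for illustration.
from urllib.parse import urlsplit

def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie value into name, domain scope and Secure flag."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    cookie = {"name": name, "domain": origin_host.lower(),
              "host_only": True, "secure": False}
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "domain" and value.strip():
            # Domain= widens the scope from one host to every subdomain.
            cookie["domain"] = value.strip().lstrip(".").lower()
            cookie["host_only"] = False
        elif key == "secure":
            cookie["secure"] = True
    return cookie

def domain_matches(host, cookie):
    """RFC 6265 domain-match: exact host, or a subdomain when Domain= was set."""
    host = host.lower()
    if cookie["host_only"]:
        return host == cookie["domain"]
    return host == cookie["domain"] or host.endswith("." + cookie["domain"])

def cookies_exposed(url, jar):
    """Names of cookies that would cross the network in cleartext for url."""
    target = urlsplit(url)
    if target.scheme != "http":
        return []  # HTTPS requests are encrypted on the wire
    return [c["name"] for c in jar
            if domain_matches(target.hostname, c) and not c["secure"]]

# Constructed jar: what a login at mail.example.test might set.
JAR = [
    parse_set_cookie("SESSION=abc123; Domain=.example.test; Path=/", "mail.example.test"),
    parse_set_cookie("MAILSID=def456; Path=/; Secure; HttpOnly", "mail.example.test"),
    parse_set_cookie("PREFS=lang-en; Path=/", "mail.example.test"),
]

if __name__ == "__main__":
    for url in ("https://mail.example.test/inbox", "http://maps.example.test/",
                "http://ads.example.test/show", "http://mail.example.test/"):
        print(url, "->", cookies_exposed(url, JAR))
```

Only the parent-domain cookie without Secure follows you to sibling hosts over HTTP, which is why signing off (so the server invalidates the session) matters more than simply closing the tab.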