Update docs/specification/draft/basic/security_best_practices.mdx

SamMorrowDrums · localden · web-flow · commit a9f2658105b0 · 2025-06-11T21:50:59.000+02:00
Co-authored-by: Den Delimarsky 🌺 &lt;53200638+localden@users.noreply.github.com&gt;
diff --git a/docs/specification/draft/basic/security_best_practices.mdx b/docs/specification/draft/basic/security_best_practices.mdx
@@ -144,7 +144,7 @@ MCP servers **MUST NOT** accept any tokens that were not explicitly issued for t
 
 ### 2.3 Session Hijacking
 
-Session hijacking is when a client is provided a session ID by the server and another client is able to use the same session ID to act on behalf of the original client in some way.
+Session hijacking is an attack vector where a client is provided a session ID by the server, and an unauthorized party is able to obtain and use that same session ID to impersonate the original client and perform unauthorized actions on their behalf.
 
 #### 2.3.1 Session Highjack Prompt Injection
 
