In simpler terms, user A can log onto a website such as Facebook or Amazon using their user name and password, and user B, or the hacker, can then steal user A???s cookie and hijack the logged in session, gaining total access to the website as user A without ever being asked for a password.