Sidejacking is the process of stealing someone's access to a website, often done on public wireless networks. To sidejack access to a website, the bad actor uses a packet sniffer to capture an unencrypted cookie that grants access to the site, such as webmail. Because the session cookie already provides access to the website's content, the bad actor can use it to impersonate the user.
Sidejacking does not give the bad actor access to the user's password. Once the session is logged off and authentication is required to log in again, the bad actor loses access. SSL access is common and does prevent the discovery of passwords, but many sites do not encrypt data after login and are therefore open to this type of security hole.
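
As an added example (not part of the original page), the Python check below lets a site owner audit a login response for the condition sidejacking depends on: cookies set without the Secure attribute, which a browser will also send on unencrypted requests. The function names, header values and cookie names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class CookieFinding:
    name: str
    secure: bool      # Secure attribute present: cookie is only sent over HTTPS
    http_only: bool   # HttpOnly attribute present: cookie is hidden from page scripts


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie header value into its name and security attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieFinding(name, "secure" in attrs, "httponly" in attrs)


def hsts_enabled(headers: dict) -> bool:
    """True if the response carries Strict-Transport-Security with max-age > 0."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip('"')
            return val.isdigit() and int(val) > 0
    return False


def audit_login_response(headers: dict, set_cookies: list) -> dict:
    """List cookies that would travel unencrypted and report whether HSTS is set."""
    findings = [parse_set_cookie(c) for c in set_cookies]
    return {
        "sniffable": [f.name for f in findings if not f.secure],
        "hsts": hsts_enabled(headers),
    }


# Constructed sample: headers a site might return after a successful login.
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_COOKIES = [
    "SESSIONID=constructed-value-1; Path=/; HttpOnly",
    "csrf=constructed-value-2; Path=/; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    print(audit_login_response(SAMPLE_HEADERS, SAMPLE_COOKIES))
```

Any session cookie named under "sniffable" should be reissued with the Secure attribute, and the whole site, not only the login page, served over HTTPS.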