In a session hijacking attack, an attacker can capture the cookie from a user who has logged on to a website and uses data found inside the cookie to also log on to the same website without having to enter a username and password combination. This would allow the attacker to gain access to the user (victim) account details.
The cookie can be captured using either sniffing or man-in-the-middle (MITM) attacks.