I’ve just been reading this: TG Daily – Point and click Gmail hacking at Black Hat (thanks for passing that on Al)
Basically, if you aren’t logging into GMail using SSL then someone can grab your cookie and replay it. Well, that is pretty obvious if you are familiar with how all that kind of thing works and of course, I only log into GMail using SSL in fact, Google enforces this. Oh… actually, now I look it doesn’t enforce it at all…
If you enter the url mail.google.com it automatically redirects you to https://mail.google.com and all is well. But if you log in and then close your browser, re-open it and enter it again it takes you straight to http://mail.google.com presumably passing the unencrypted cookie along the way.
Opening up your e-mail is not good, especially when you consider the alarming wealth of sites that still send password reminders as plain text which are all sitting in your mail archive along with those that send your full credit card number when you get an order confirmation.
GMail works perfectly well if you add the all important little ‘s’ into any of its URLs so why don’t they just enforce it and save us the bother?
A bit of this, a bit of that... 
Has this happened to anyone?
I’ve been surfing online more than 2 hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me.
In my opinion, if all website owners and bloggers made good
content as you did, the internet will be much more useful than ever before.
Way cool! Some extremely valid points! I
appreciate you penning this article and also the
rest of the site is extremely good.
I got this website from my buddy who shared with me regarding this web site and at the moment
this time I am visiting this website and reading very informative content here.