Further Reading

Cookie Theft / Session Hijacking

Enter Facebook then close the tab. Next time you won't be asked to login. This is because Facebook has given you a session ID with which you no longer need to log in. It would be a pity if an attacker stole your ID. This is what's called cookie theft or session Hijacking.

It's a pretty common attack that mostly requires the user to click on a malicious link that leads to a web page whose JavaScript code reads the victim's cookies. Following this attack, hackers can impersonate you wherever you were logged in.

Here are more ways in which your session can be stolen.