I have a question regarding AIM. How does session hijacking work? I'm not necessarily asking how to do it, just how it works. I have found little on Google. I just don't see how it's possible to gain control of someone's AOL/AIM account without a keylogger, and maybe even without a trojan virus. Anyone know how this works?