FireSheep brings session hijacking to the masses

Quite recently a new Firefox plugin, FireSheep, was released: http://codebutler.com/firesheep
Essentially it does "session hijacking for dummies", meaning that now every average Joe can install this plugin, connect to an unsecured WiFi or non-switched network (think free WiFi at coffee shops or a school/university campus) and steal other people's sessions to Facebook, Twitter, or any other site whose session cookie travels unprotected.

While session hijacking is nothing new, what is important is that this tool allows people with almost no technical knowledge or expertise (i.e. your little sister or brother, your jealous boyfriend or girlfriend, your classmate, etc.) to perform this attack. You would not want to overreact, though: it is not "the end of the web as we know it" :smiley:

As Chris Wysopal put it: “#firesheep is to cleartext web sessions as chainsaws are to trees. Everyone gets to be a lumberjack.”

What to do as a user: avoid using unsecured networks altogether; use SSL whenever possible; use a plugin that forces SSL, such as HTTPS Everywhere.

What to do as a developer: ensure that the session ID is well protected, i.e. use SSL to protect session cookies. No other viable alternative comes to my mind. Maybe you can suggest something. Binding the session to the client's IP address (using `$_SERVER['REMOTE_ADDR']` et al.) would be ineffective, since this attack is performed from the same subnet (and since we are talking about WiFi, both the attacker and the victim would be behind the same NAT router and thus present the same public address to the server).
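The developer-side advice above, as an added example that is not code from the original post: a PHP session bootstrap that refuses plain HTTP and marks the session cookie `secure`, so the cookie is never sent in the clear for a sniffer on shared WiFi to pick up. It assumes PHP 7.3 or later (for the array form of `session_set_cookie_params()` with `samesite`) and a hypothetical `authenticate()` helper.

```php
<?php
// Added example (not from the original post): harden a PHP session so that
// the session cookie is only ever transmitted over TLS.

// 1. Refuse to serve the application over plain HTTP: redirect to HTTPS.
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (($_SERVER['SERVER_PORT'] ?? null) == 443);
if (!$isHttps) {
    $target = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('Location: ' . $target, true, 301);
    exit;
}

// 2. Cookie flags, set BEFORE session_start():
//    secure   - browser sends the cookie over HTTPS only (the fix for Firesheep)
//    httponly - JavaScript cannot read it (limits XSS-based theft)
//    samesite - not attached to cross-site requests (CSRF hardening)
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue
session_start();

// 3. After a successful login, issue a fresh id so that any id observed
//    before authentication is worthless. authenticate() is a hypothetical
//    helper standing in for the application's own credential check.
if (isset($_POST['username'], $_POST['password'])
    && authenticate($_POST['username'], $_POST['password'])) {
    session_regenerate_id(true);
    $_SESSION['user'] = $_POST['username'];
}

// 4. Tell the browser to use HTTPS for this host from now on (HSTS), so
//    even a typed http:// URL never produces a cleartext request.
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
```

The `secure` flag is the part that defeats a passive sniffer; the HTTPS redirect and HSTS header make sure the browser never has a reason to send the cookie over plain HTTP in the first place.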

More resources:
Presentation from the author - http://codebutler.github.com/firesheep/tc12/#1
http://www.h-online.com/security/news/item/Firefox-extension-steals-Facebook-Twitter-etc-sessions-1124596.html
http://blogs.pcmag.com/securitywatch/2010/10/with_firesheep_all_your_http_s.php
http://www.f-secure.com/weblog/archives/00002055.html

An update from author: