Recently a tool was presented at the Defcon hackers’ conference in Las Vegas that automatically steals the IDs of unencrypted sessions, and this tool is very useful for breaking into Gmail accounts. When users log in to a Gmail account, the Gmail server sends a cookie (a text file) to the browser. This file lets the Gmail server know that you are authenticated. The cookie keeps you logged in for 2 weeks unless you press sign-out or delete the cookie. Even if you authenticated using SSL, you are not secure after that, because the Gmail server returns its results over an unencrypted connection.
Every time you request anything from the Gmail server, such as an image, your browser sends this cookie to the Gmail server, and any attacker can easily capture it with a network sniffer tool. The attacker then has your Gmail session ID, and with this session ID can easily log in to your Gmail account without needing a username or password. People using Gmail from public places, cybercafés and public wireless hotspots are more likely to be hit by this type of attack.
Always use https://mail.google.com, because this accesses the SSL version of Gmail. It will be persistent over your entire session, not only during authentication.
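The exposure described above can be checked from the defender's side. The following is an added example, not part of the original article: it takes a session cookie as set by a server and lists the requests on which a browser would send it unencrypted. It goes one step beyond the text by using the standard cookie `Secure` attribute, which the article does not mention; the hostname, cookie name and cookie value are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample data: hostname, cookie name and value are placeholders.
# Max-Age=1209600 seconds is the two-week lifetime described in the article.
SET_COOKIE_WEAK = "SID=constructed-session-id; Path=/; Max-Age=1209600"
SET_COOKIE_HARDENED = SET_COOKIE_WEAK + "; Secure"
REQUESTS = [
    "https://mail.example.test/login",           # authentication over SSL
    "http://mail.example.test/inbox",            # rest of the session in the clear
    "http://mail.example.test/images/logo.gif",  # even an image request carries the cookie
]

def parse_set_cookie(header):
    """Split one Set-Cookie header value into name, value and Secure flag."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return {"name": name.strip(), "value": value.strip(), "secure": "secure" in attrs}

def exposed_requests(cookie, urls):
    """Return the URLs on which the cookie would travel unencrypted.

    Assumption: every URL is inside the cookie's domain and path scope,
    so only the scheme and the Secure flag decide the outcome.
    """
    if cookie["secure"]:
        return []  # browser withholds the cookie on plain-HTTP requests
    return [u for u in urls if urlsplit(u).scheme == "http"]

def audit(header, urls):
    """Summarise one cookie: its name, Secure flag and cleartext exposures."""
    cookie = parse_set_cookie(header)
    leaks = exposed_requests(cookie, urls)
    return {"cookie": cookie["name"], "secure": cookie["secure"], "leaks": leaks}

if __name__ == "__main__":
    for label, header in (("weak", SET_COOKIE_WEAK), ("hardened", SET_COOKIE_HARDENED)):
        result = audit(header, REQUESTS)
        print(label, result["cookie"], "Secure" if result["secure"] else "no Secure flag")
        for url in result["leaks"]:
            print("  sent in cleartext on:", url)
```
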