I won't provide an example,however if you have a cookie grabber script,whoever visits that script,leave information such as ip adress,browser used and of course your session cookies from the site you were.
Now,let's say you're logged in your hotmail account,and i send you a masked link wich will read like
http:/microsoft.support%897%Y%JJG%HUUU <--all that jibberish is hiding the real url of my malicious site. Now click on it,i got your cookies and if you left your session open,i can use your cookies to login into your account.
HOW? simple,addons for firefo browser has a cookie editor,so i clean my own cookies,write yours and hit reload.
Good tutorial was written by fourthdmension,lok for it.