Generally session hijacking refers to the notion that an individual attempts to access the session of the another, usually through a client-side substitution of data.
In example, person X fills out a login form at twitter.com. Twitter.com sends person X a cookie. Person Y, snoops the packet and manually inserts that cookie into their browser and visits twitter.com to find out they are logged in. This is session hijacking.
Then there is session fixation which is where I give you a link http://www.blah.com/?phpsessid=1234 and then pray that you go there and login, not noticing the PHPsessid in the URL. If you do, and if the site does not regenerate the session ID (as it always should on permission state change), then the hacker can now visit blah.com/?phpsessid=1234 and they will be logged in as you. In this manner they didn't have to snoop the session id because they were the ones who gave it to you.
Here is an excellent site with info on preventing basic PHP session hijacking which I believe can be a primer for your research.
http://phpsec.org/projects/guide/4.html