When browsing your gmail on a public wi-fi network, it is trivial for a network eavesdropper to intercept your google cookie and use it to fully impersonate you at gmail. SessionLock helps to protect web sessions from this kind of hijacking and impersonation. Using the gmail login, which is performed over SSL, SessionLock sends a secret token to the browser by redirecting to:
JavaScript code at the inbox URL reads the token, clears it from the address bar, and uses it to sign every subsequent AJAX call that fetches or sends an email.