why you shouldn't connect to any Wifi you see

Wi-Fi or WiFi (/ˈwaɪfaɪ/) is a technology for wireless local area networking with devices based on the IEEE 802.11 standards. Wi-Fi is a trademark of the Wi-Fi Alliance, which restricts the use of the term Wi-Fi Certified to products that successfully complete interoperability certification testing.... You can read more about WiFi here

Now, it's normal for you to see a WiFi network and attempt to connect, why? Because of free Internet I guess. Everyone loves a free WiFi, I love a free WiFi so why should I not connect when I see one?

Well I'll answer those questions. Not everyone around you likes you or cares for you enough to give you free Internet, most times you see 'helpless' WiFi networks (ssid) when you leave your WiFi on or when you switch it on, and sometimes to your surprise IT'S FREE you then connect. But you did not take your time to think; why is this Network free especially when there is Internet access, is the owner rich enough to pay wi-fi bills and come to the public to share it... I guess you do sometimes but you just shut down the thought and proceed to the main task.

The answer is most times the owners of this networks have a mission, especially the malicious type(hackers).  
How can a hacker attack  me with just WiFi? 

Here is how : when your WiFi connects to a network, there is exchange of data, such as packets and sockets to authenticate the connection, the exchange of this data is called a session. During a session lot of data are exchanged to lay the groundwork for future communications.
(Read the article from Hacking loops below for thorough understanding)

Most concepts in computer networking are in some way related to the OSI model, which is comprised of seven different layers that map different stages and processes of data exchange between two remote computing systems. More importantly, the fifth layer is called the Session layer, and this is where the term “session” gets it’s name.  Within the Session layer of the OSI model, you’ll find common protocols such as SOCKS (a common type of proxy server connection), PPTP (Point to Point Tunneling Protocol), RTP (Real-time Transport Protocol), and others that aren’t as well known. However, when someone talks about session hijacking, they’re most often referring to a session between a client computer and a web server. In this context, “session” basically means a semi-constant exchange of information between two hosts. In contrast, consider constant exchanges through other protocols such as VPN tunnels, whereby the connection is permanent (barring technical difficulties, of course).  In a session, two computers exchange information and authentication credentials to lay the groundwork for future communications. Take Facebook, for example. After you have logged into the Facebook service, you can browse through your feed, chat with friends, and play games until you intentionally choose to log out. If a session hadn’t been built between your computer and the Facebook servers, you would need to continually login again and again every time you wanted a new piece of data. Fortunately, you don’t have to, because all of your connection information is stored within a cookie.(source: https://hackingloops.com )

Same applies to the WiFi client and the router or a computer/mobile device hot-spot in this case. While you connect with the hotspot or most times the attack can be in form of a LAN(Local Area Network) so during a session between you and the attackers wifi, he will attempt to sniff your cookies.

Cookies are tiny pieces of data mostly in a  .txt format stored in the browser, this  txt file stores most of your online login information and other information piece of data done through the Internet with your browser so when such websites needs them you won't have to input them everytime. This is often common with browsers that perform Auto fill like Chrome.

So during a successful session, he will attempt to sniff your cookies, the longer the cookiesneeded the longer the session the hacker needs, so he gets to sniff all of them.

The funny thing is that you don't have to be a professional hacker to sniff a cookie. There is an extension in Firefox that does this easily

Firesheep is a simple to use Firefox extension that leverages underlying packet sniffing technology to detect and copy cookies that are sent in an unencrypted format. If the cookie is sent across the network in an encrypted format, there’s not much this tool can do, however. But Firesheep makes it ludicrously simple to hijack a user’s session. As the extension sniffs out cookies, it populates a list of them on the sidebar of your browser in real-time. Once an unencrypted cookie has been discovered, the user (it’s so simple I doubt it’s fair to use the term hacker) simply needs to double-click on the cookie and they’ll automatically hijack the session and log in as the unsuspecting user.  Given that Mozilla is a legitimate and trustworthy organization, it’s a little odd that they wouldn’t blacklist the extension. However, Mozilla had stated that they only use their blacklist to mark code and add-ons that contain spyware and other such security threats. Since this tool doesn’t harm the user’s browser, it seems that it’s still available. But even if they did disable, attackers would still be able to use the tool since Firefox contains a feature that effectively disables the blacklist..

Although to use this method you have to be on a LAN(Local Area Network) and most times it's not easy getting to access to Local Area Networks(LAN)

But guess where  an attacker can easily connect to other users using a LAN?

Public places, right? Like airports, hospitals, schools, hotels and so on. And am pretty sure that's where you like to connect to WiFi networks just because it's free.

Think of the important things you do on the Internet like school fees payment, Amazon shopping and so on, all those data were definitely stored by your browser in a cache.