# Session Fixation

Prophaze WAF can prevent session fixation attacks by the following ways

* Prevents attackers to hijack a valid session
* Blocks setting cookie values with in html
* Blocks session parameter with off-domain referrer
* sessid parameter with no referrer