Session Fixation is a web security vulnerability where an attacker sets or fixes a session identifier for a user, allowing the attacker to hijack the user's session once they log in. This attack exploits the trust a web application places in the session ID, enabling unauthorized access to the user's account or data.