what is the difference between session fixation and session hijacking ?

 session hijacking :  is when the attacker acquires the session ID from a user's authenticated session.

session fixation: is when the attacker acquires a valid session ID by visiting the target web application first, and then attempts to get a user to initiate an authenticated session with the same session ID.