Session hijacking why do you think session hijacking is still a valid attack?

Session hijacking

why do you think session hijacking is still a valid attack? What makes session hijacking possible and what technical control or controls would you put in place to prevent session hijacking from being successful? What would you implement to stop session hijacking?