Binding of IP address with Session id

Question

To prevent the session fixation problem, how can we bind the IP address with the session id? Is it possible to bind the session id with that of the IP address??

Answer 1

You can, but its not such a good idea. If your client is behind a farm of proxies their external IP address may change on every request. AOL do this, for example.