To prevent the session fixation problem, how can we bind the IP address to the session ID? Is it possible to bind the session ID to the IP address?
I've read an article about it before. It is possible to check the user's IP address as extra session metadata. But if you want to use it as a general session ID, you might have problems dealing with users behind a certain proxy gateway, where all users will have the same IP address. It could, though, be used to prevent session theft (using techniques like cookie hijacking) to some level. But it should be considered that the cookie hijacker can also mimic the IP address of the victim. So checking the user session and also the IP address can be a good practice for higher security, but it is not a bulletproof solution.
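
The approach described in the answer above, as an added example that is not part of the original posts: the session ID stays random, and the client IP is stored as extra metadata and checked on every request. It goes slightly beyond the answer by also issuing a new ID at login, the usual defence against fixation; `SessionStore`, its method names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import secrets


class SessionStore:
    """In-memory session store that keeps the client IP as extra session metadata."""

    def __init__(self, v4_prefix=32, v6_prefix=64):
        self._sessions = {}
        # Prefix length used for comparison; a shorter IPv4 prefix (e.g. 24)
        # tolerates clients whose address changes within one network.
        self._prefix = {4: v4_prefix, 6: v6_prefix}

    def _network(self, ip):
        addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
        return ipaddress.ip_network(f"{addr}/{self._prefix[addr.version]}", strict=False)

    def create(self, client_ip, user=None):
        # The ID is random and never derived from the IP, so several users
        # behind one proxy address still receive distinct sessions.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"net": self._network(client_ip), "user": user}
        return sid

    def validate(self, sid, client_ip):
        """Return the session dict, or None if unknown or presented from another network."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self._network(client_ip) != session["net"]:
            # Design choice of this example: a mismatch destroys the session,
            # so the ID cannot be replayed later from any address.
            del self._sessions[sid]
            return None
        return session

    def login(self, old_sid, client_ip, user):
        """Issue a fresh ID at authentication so a pre-login (possibly fixed) ID stops working."""
        self._sessions.pop(old_sid, None)
        return self.create(client_ip, user)


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create("203.0.113.10")           # constructed documentation address
    sid = store.login(anon, "203.0.113.10", "alice")
    print(store.validate(anon, "203.0.113.10"))  # pre-login ID is no longer valid
    print(store.validate(sid, "198.51.100.7"))   # same ID from another address is rejected
```

As the answer notes, the IP check is only an additional signal: it does not separate users who share a proxy address, so the randomness of the ID and its rotation at login carry the actual protection.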