Why not keep a dictionary that maps the cookie credential to the IP
used when the credential was granted, and make sure that the IP
matches the dictionary entry on every page access?
Most of us get our IP addresses through DHCP, which means they can change whenever our system (or router) is rebooted.