Protecting Your Cookies: HttpOnly

@bex

A proxy means multiple usernames sharing one IP. That’s totally fine.

What I think O’malley was talking about is large ISPs (e.g. AOL) who may push their users through a different proxy IP on every single request. These are the users you’d be screwing over. A few large European ISPs do this too.

With AOL, they maintain a public list of those proxy subnets (http://webmaster.info.aol.com/proxyinfo.html) so if it’s an issue you can make your application treat all those IP addresses as one big IP. None of the other ISPs maintain such a list though, so those users would continue to get screwed.

Your method does add some extra protection but it inconveniences a lot of users. In any business I’ve worked in, kicking out all of AOL is not something management will allow. And the places where you need the security the most (e.g. online banks), that’s just not an option.

The amount of protection you’re adding is debatable too. You’re still allowing people behind the same single proxy IP to steal each other’s sessions. And at some ISPs, that can be a hell of a lot of people.

I’m not sure the tradeoff for pissing off a bunch of other customers is worth it.

A better approach, depending on your application, is to require re-entry of the user’s password for critical actions.

It really depends on the application though, and what’s at stake. Dealing with a stolen session ID at a pr0n site is different to dealing with one at a bank.
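To illustrate the tradeoff this comment describes, here is an added Python sketch (not code from the original post or from any product mentioned) of a session store that binds each session to a client key, collapses known proxy subnets into one key, and requires a recent password entry for critical actions. The proxy subnets and addresses are constructed placeholder ranges, not the real AOL list.

```python
import ipaddress
import secrets

# Constructed placeholder ranges standing in for an ISP's published proxy list.
PROXY_SUBNETS = [ipaddress.ip_network("198.51.100.0/24"),
                 ipaddress.ip_network("203.0.113.0/25")]

REAUTH_WINDOW = 300  # seconds a fresh password entry stays valid for critical actions


def client_key(ip: str) -> str:
    """Identity a session is bound to: a known proxy subnet collapses to the
    subnet, so a user whose ISP rotates proxy IPs per request keeps the session.
    Everyone behind that subnet shares the key, which is the residual exposure."""
    addr = ipaddress.ip_address(ip)
    for net in PROXY_SUBNETS:
        if addr in net:
            return str(net)
    return str(addr)


class SessionStore:
    def __init__(self):
        self._sessions = {}

    def create(self, user: str, ip: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "key": client_key(ip), "auth_at": now}
        return sid

    def lookup(self, sid: str, ip: str):
        """User owning sid, or None if unknown or presented from another client key.
        An IP outside the bound subnet (e.g. an unlisted rotating proxy) is rejected."""
        s = self._sessions.get(sid)
        if s is None or s["key"] != client_key(ip):
            return None
        return s["user"]

    def reauthenticate(self, sid: str, now: float) -> None:
        """Record that the user just re-entered their password."""
        self._sessions[sid]["auth_at"] = now

    def needs_reauth(self, sid: str, now: float) -> bool:
        """Critical actions require a password entered within REAUTH_WINDOW."""
        return now - self._sessions[sid]["auth_at"] > REAUTH_WINDOW
```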