I am being asked about cookie replay attacks with my ASP.NET website's forms authentication.
I have followed the advice below to protect against any attack but think
I implemented a system that stores the SessionID in the auth cookie on the first authenticated request and then verifies the active SessionID matches the cookie on subsequent requests. Details on this answer. This avoided the server side tracking suggested in @WiktorZychla's answer.
This could probably be improved by storing a hash of Incoming IP + Request.Browser + SessionID in the session and the auth cookie, rather than just the SessionID.
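One way to implement the check described in the answer above, including the IP + browser + SessionID hash it proposes. This is an added example, not the poster's code; `AuthCookieBinding`, `Issue` and `Verify` are hypothetical names, and it assumes the hash is kept only in the ticket's `UserData` and recomputed on each request rather than also being stored in the session.

```csharp
// Added example, not the poster's code. Class and method names are hypothetical.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

public static class AuthCookieBinding
{
    // Hash of client IP + User-Agent + SessionID, as proposed in the answer.
    static string Fingerprint(HttpContext ctx)
    {
        string raw = ctx.Request.UserHostAddress + "|" + ctx.Request.UserAgent
                   + "|" + ctx.Session.SessionID;
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(raw)));
    }

    // Call at login instead of FormsAuthentication.SetAuthCookie.
    public static void Issue(HttpContext ctx, string userName, int minutes)
    {
        // ASP.NET hands out a new SessionID on every request until the session
        // holds data, so store a value first to make the ID stable.
        ctx.Session["bound"] = true;
        var ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(minutes), false, Fingerprint(ctx));
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        ctx.Response.Cookies.Add(cookie);
    }

    // Call from Application_PostAcquireRequestState in Global.asax,
    // the first point in the pipeline where Session is available.
    public static void Verify(HttpContext ctx)
    {
        if (ctx.Session == null || !ctx.Request.IsAuthenticated) return;
        var identity = ctx.User.Identity as FormsIdentity;
        if (identity != null && identity.Ticket.UserData == Fingerprint(ctx)) return;
        // Ticket was issued for a different session, address or browser: reject it.
        ctx.Session.Abandon();
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
    }
}
```

Including the client IP signs out legitimate users whose address changes mid-session (mobile networks, rotating proxies), so that component is a trade-off to decide per site.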