Simulate session cookies in mobile sessions?

Question

I discovered to my astonishment at the first glance that my thinking of how session cookies behave on mobile devices is overruled by reality.

On normal desktop brows

Answer 1

This is a bit of a dirty suggestion and by no means fool proof - but I reckon it's worth a mention. I've never had a phone that stayed connected to the internet while idling (they all cut off to conserve battery and whatnot) - and mobile networks recycle IP addresses very quickly.

It may be worth storing the IP address in the session data and - perhaps in conjunction with a last accessed timestamp - destroying/restarting the session if the IP address changes?

Obviously this assumes the client is connected via the mobile network and not wifi.