How to avoid Identity Theft in Zend Framework with Zend Auth

While many major security issues are possible in a web application, one in particular has bugged me for some time: identity theft, the broken account and session management issue. Why can someone so easily steal my session ID cookie and suddenly gain access to my account in a particular web application? I know it is rather impossible to make this 100% hack-proof, but I strongly believe that the system should be improved as much as possible.

Our goal is to implement a Zend Auth extension that adds a new level of security to the previously mentioned class. This extension - let's call it Project_Application_Auth - would check the Zend Auth storage for the IP and/or User Agent. For this to work, these must be set in the storage during the login process. If the IP is different from the initial IP from the login process and/or the User Agent is not the same as the initial User Agent from the login process, then our extension would tell us that it is not a secure identity (that is, it is safe to assume it has been stolen) and thus we should disconnect the user.
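
The check described above as an added example, not code from the original post or from Zend Framework. `MemoryStorage` is a constructed stand-in for a Zend Auth storage adapter, the method names on `Project_Application_Auth` are assumptions, and this version requires both the IP and the User Agent to match.

```php
<?php
// Added example, not Zend Framework code. MemoryStorage is a constructed stand-in
// with the read()/write()/clear() methods of a Zend_Auth storage adapter.
class MemoryStorage
{
    private $contents = null;
    public function read() { return $this->contents; }
    public function write($contents) { $this->contents = $contents; }
    public function clear() { $this->contents = null; }
}

// Class name from the article; its methods here are assumptions.
class Project_Application_Auth
{
    private $storage;

    public function __construct($storage) { $this->storage = $storage; }

    // Client attributes the session is bound to.
    private static function fingerprint(array $server)
    {
        return array(
            'ip'        => isset($server['REMOTE_ADDR']) ? (string) $server['REMOTE_ADDR'] : '',
            'userAgent' => isset($server['HTTP_USER_AGENT']) ? (string) $server['HTTP_USER_AGENT'] : '',
        );
    }

    // Login step: store the identity together with the IP and User Agent.
    public function login($identity, array $server)
    {
        $this->storage->write(array('identity' => $identity) + self::fingerprint($server));
    }

    // Per-request check: returns the identity, or null after clearing the
    // storage when the IP or User Agent differs from the login values.
    public function getSecureIdentity(array $server)
    {
        $data = $this->storage->read();
        $now  = self::fingerprint($server);
        if (!is_array($data) || !isset($data['ip'], $data['userAgent'])
            || $data['ip'] !== $now['ip'] || $data['userAgent'] !== $now['userAgent']) {
            $this->storage->clear(); // fail closed: disconnect the user
            return null;
        }
        return $data['identity'];
    }
}

// Constructed sample requests (documentation-range IP addresses).
$auth  = new Project_Application_Auth(new MemoryStorage());
$login = array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0');
$auth->login('alice', $login);
var_dump($auth->getSecureIdentity($login));                                          // same client
var_dump($auth->getSecureIdentity(array('REMOTE_ADDR' => '198.51.100.7') + $login)); // cookie replayed from another IP
```

In a Zend Framework application the storage passed in would be the one returned by `Zend_Auth::getInstance()->getStorage()`, and `$server` would be `$_SERVER`. Legitimate clients can change IP address mid-session (mobile networks, proxies), so a mismatch also logs out real users who then have to sign in again.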