"Include the user agent from $_SERVER['HTTP_USER_AGENT'] in the session. Basically, when the session starts, store it in something like $_SESSION['user_agent']. Then, on each subsequent request check that it matches."
Non-trivial, but useful. Lets try to get this added.
From https://stackoverflow.com/questions/5081025/php-session-fixation-hijacking#5081453 :
"Include the user agent from $_SERVER['HTTP_USER_AGENT'] in the session. Basically, when the session starts, store it in something like $_SESSION['user_agent']. Then, on each subsequent request check that it matches."
Non-trivial, but useful. Lets try to get this added.