This code prevents session hijacking. It compares the ip number of the creator with that of the user of the session. If they don't match it gives an error. BTW $sid is my session variable.
session_start();

if(!isset($sid) || empty($sid))
{
   $sess_addr = $REMOTE_ADDR;
   session_register(sess_addr);
}
elseif($sess_addr != $REMOTE_ADDR)
{
   echo "This sessions has been hijacked.";
   extt;
}