If you want to make sure Session-Information (Cookie / Sessionkey) is safer you could use the PHP-Extension Suhosin, where you can Encrypt this information with several user-data in the key. f.e. the user-agent, IP-Adress (or parts of it)
We (a group of students from FH Gießen-Friedberg - University of Applied Sciences) developed an admininterface for the extention to use in Moodle.
Additional we developed an Moodle-Plugin which contains PHP-IDS as Intrusion-Detection- and Prevention-System, so f.e. the use of SQL-Injektions, which is already escaped by the moddle-core, is loged and can cause penalties for the user.
Our Plugins are developed on the newes moodle version 2, so you can't use this plugins right now, but will be able to, when moodle 2 developement is stable (at the moments its RC1) and you decide to upgrade.
Our Plugins are available at http://sourceforge.net/projects/hardeningmoodle/files/