If someone manages to steal an authentication cookie, they might be able to access the account of that user.
How might a website provide an extra layer of security to prevent this?
Exactly! Usually, sites have extra layers of security to prevent someone who steals a cookie from logging in.
Wouldn't preventing different IP address requests increase security?