Initial idea: In the article "Improved Persistent Login Cookie Best Practice," (http://jaspan.com/improved_persistent_login_cookie_best_practice) bjaspan suggests a clever means of catching a would-be cookie thief by creating a series identifier, which in a nut shell, flags a possible security issue if two computers attempt to use the same series identifier.
Problem: However, as "The definitive guide to form-based website authentication" Part II, point 1, rightly points out, this is easily defeated by the hacker simply deleting the user's cookie after copying it for themself. Since this article is reasonably popular, it's likely that anyone with enough know-how to steal the cookie would likely know to delete the old one.
Question: Is there a solution that would overcome this? The benefit of being able to detect a cookie theft (even if not immediate), is fairly valuable for persistent login security. Is there a better way to prevent or detect cookie theft?